Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader
Common Information
Type                  Value
UUID                  91437a8d-94d4-4c6d-a559-65abd7691df2
Fingerprint           2c9df057fd267c85
Analysis status       DONE
Considered CTI value  1
Text language
Published             July 31, 2021, 9:40 p.m.
Added to db           Sept. 26, 2022, 9:34 a.m.
Last updated          Nov. 17, 2024, 7:44 p.m.
Headline Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader
Title Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader
Detected Hints/Tags/Attributes 73/2/39
Attributes
Type             #Events  CTI Value
CVE              1        cve-2021-27094
CVE              1        cve-2021-28447
Domain           3        edk2-docs.gitbook.io
Domain           1        thinkinghard.com
Domain           45       source.android.com
Domain           1        dfir.ru
Domain           281      docs.microsoft.com
Domain           262      www.welivesecurity.com
Domain           4127     github.com
Domain           1        specification.md
File             18       winload.exe
File             125      ntoskrnl.exe
File             1        01-elam-blob.png
File             1        02-elam-blob-measured.png
File             1        03-elam-blob-altered.png
File             1        04-elam-blob-altered-measured.png
File             1        01-regedit.png
File             1        02-hexeditor-intact.png
File             1        03-hexeditor-modified.png
File             1        04-leaf-as-loaded-by-winload.png
File             1        05-leaf-as-loaded-by-kernel.png
File             1        06-leaf-as-loaded-by-kernel.png
File             1        07-leaf-after-check-by-kernel.png
File             1        08-leaf-as-seen-by-elam.png
File             816      index.html
Github username  1        msuhanov
Url              1        https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/overview
Url              1        https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process
Url              1        http://thinkinghard.com/secureinternetbanking/index.html
Url              1        https://dfir.ru/2018/07/21/a-live-forensic-distribution-executing-malicious-code-from-a-suspect-drive
Url              1        https://source.android.com/security/verifiedboot/verified-boot
Url              1        https://dfir.ru/2018/10/07/hiding-data-in-the-registry
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
Url              1        https://docs.microsoft.com/en-us/windows/win32/services/protecting-anti-malware-services-
Url              1        https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10
Url              1        https://www.welivesecurity.com/2012/12/27/win32gapz-new-bootkit-technique
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/install/elam-driver-requirements#malware
Url              1        https://github.com/msuhanov/regf/blob/master/windows
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/install/elam-driver-requirementsis