T1542 Pre-OS Boot Mappings

Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control flow of execution before the operating system takes control.(Citation: Wikipedia Booting)

Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
amazon_virtual_private_cloud Amazon Virtual Private Cloud technique_scores T1542 Pre-OS Boot
aws_network_firewall AWS Network Firewall technique_scores T1542 Pre-OS Boot

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1542.005 TFTP Boot 2