Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control flow of execution before the operating system takes control.(Citation: Wikipedia Booting)
Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses.
View in MITRE ATT&CK®Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1542.003 | Bootkit | 19 |
T1542.002 | Component Firmware | 1 |
T1542.004 | ROMMONkit | 23 |
T1542.001 | System Firmware | 26 |
T1542.005 | TFTP Boot | 27 |