& Bootkit

From ema
Jump to navigation Jump to search
EMA ID: ema-1225
Description: ATT&CK considers this a technique under the Persistence tactic. Might it also be a Defense Evasion tactic?

The 'execute before/external to kernel/hypervisor' Behavior executes some or all of the malware instance's code before or external to the system's kernel or hypervisor (e.g., through the BIOS).

Associated Capabilities/Subcapabilities: Capability.png Defense Evasion

Associated With & Bootkit
No results