DS0001 Firmware
Computer software that provides low-level control for the hardware and device(s) of a host, such as BIOS or UEFI/EFI
| Item | Value |
|---|---|
| ID | DS0001 |
| Platforms | Linux, Windows, macOS |
| Collection Layers | Host |
| Version | 1.0 |
| Created | 20 October 2021 |
| Last Modified | 30 March 2022 |
Data Components
Firmware Modification
Changes made to firmware, including its settings and/or data, such as MBR (Master Boot Record) and VBR (Volume Boot Record)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1495 | Firmware Corruption |
| enterprise | T1564 | Hide Artifacts |
| enterprise | T1564.005 | Hidden File System |
| ics | T0839 | Module Firmware |
| enterprise | T1542 | Pre-OS Boot |
| enterprise | T1542.001 | System Firmware |
| enterprise | T1542.002 | Component Firmware |
| enterprise | T1542.004 | ROMMONkit |
| enterprise | T1542.005 | TFTP Boot |
| enterprise | T1014 | Rootkit |
| ics | T0851 | Rootkit |
| ics | T0857 | System Firmware |
References
-
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. Retrieved October 21, 2020. ↩
-
Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016. ↩
-
Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015. ↩
-
Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017. ↩
-
Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017. ↩
-
Intel Security. (2005, July 16). HackingTeam’s UEFI Rootkit Details. Retrieved March 20, 2017. ↩