Skip to content


BOOTRASH is a Bootkit that targets Windows operating systems. It has been used by threat actors that target the financial sector.123

Item Value
ID S0114
Associated Names
Version 1.1
Created 31 May 2017
Last Modified 09 June 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1564 Hide Artifacts -
enterprise T1564.005 Hidden File System BOOTRASH has used unallocated disk space between partitions for a hidden file system that stores components of the Nemesis bootkit.2
enterprise T1542 Pre-OS Boot -
enterprise T1542.003 Bootkit BOOTRASH is a Volume Boot Record (VBR) bootkit that uses the VBR to maintain persistence.123


Back to top