🛡️
./Malfav.asm
Linkedin
  • 👋./Malfav.asm
    • 🕸️Malfav Agenda
  • 🕷️Malware Introduction
    • 💡What is Malware
      • 🌠FIN Malware
      • 🦘Cyber Gang Malware
        • 🕷️Spiders Malware
      • 🕵️‍♀️Cyber Espionage Malware
      • 🍘Cyber Sabotage Malware
      • 🛴Rootkit
        • 🫚Bootkit
    • 🦫Nations State APT
      • 🗯️APT
      • 🇮🇷Iran APT
      • 🇷🇺Russian APT
      • 🇨🇳Chines APT
      • 🇮🇳India APT
      • 🇵🇰Pakistan APT
      • 🇻🇳Vietnamese APT
      • 🇰🇵North Korean APT
    • 🥋Mobile Malware
      • 📲Android Malware
        • 💰Commerical Android Malware
          • Common Android Spyware
        • 🧧Common Android Exploits
          • 0️Common Android 0day
      • 📱IPHONE Malware
        • 🐚Common IPHONE Spyware
        • 💥Commerical IPHONE Malware
        • 💣Common IPHONE Exploits
    • 📃Malicious Documents
      • 📨Excel Spreadsheets
      • 🗼PowerPoint Presentations
      • 🤺Microsoft Office Documents
      • 📑PDF
      • 📄Other Document Formats
      • 🩼Common Techniques Used in Malicious Documents
    • 🏞️Advanced Persistence Threat - APT
      • 🥠APT Groups
        • 🇨🇳Mustang Panda
        • 🛕Mustard Tempest
        • 🇨🇳Naikon
        • 🪡NEODYMIUM
        • 🇷🇺Nomadic Octopus
        • 🇮🇷OilRig
        • 🍊Orangeworm
        • 🇮🇳Patchwork
        • 🇨🇳PittyTiger
        • 🌏PLATINUM
        • 🇱🇧POLONIUM
        • 🇵🇹Poseidon Group
        • 🇹🇲PROMETHIUM
        • 🇨🇳Putter Panda
        • 🦝Rancor
        • 🇨🇳Rocke
        • 🐢RTM
        • 🇷🇺Sandworm Team
        • 🃏Scarlet Mimic
        • 🇬🇱Scattered Spider
        • 🇵🇰SideCopy
        • 🇮🇳Sidewinder
        • 🔕Silence
        • 🇮🇷Silent Librarian
        • 🇳🇬SilverTerrier
        • 🐞Sowbug
        • 🔱Strider
        • 🇨🇳Suckfly
        • 🥃TA2541
        • 🇨🇳TA459
        • 💼TA505
        • 💰TA551
        • ☁️TeamTNT
        • 🇷🇺TEMP.Veles
        • 🦳The White Company
        • 💳Threat Group-1314
        • 🫓Threat Group-3390
        • 🇨🇳Threat Group-3390
        • 🦐Thrip
        • 🐈ToddyCat
        • 🐙Tonto Team
        • 🇵🇰Transparent Tribe
        • 🐠Tropic Trooper
        • 🐢Turla
        • 🇮🇷UNC788
        • 🇱🇧Volatile Cedar
        • 🇨🇳Volt Typhoon
        • 🕊️Whitefly
        • 🔘Windigo
        • 🪽Windshift
        • 🇨🇳Winnti Group
        • 🥀WIRTE
        • 🇷🇺Wizard Spider
        • 🎪ZIRCONIUM
      • 🏹APT's Software
        • 🐀3PARA RAT
        • 🐀4H RAT
        • ⚱️AADInternals
        • 🔻ABK
        • ⚗️AbstractEmu
        • 🪱ACAD/Medre.A
        • 🇲🇰AcidRain
        • 🐬Action RAT
  • 🐁OS Internal's
    • 🍩Suspicious API's
      • 🪨Process Information API's
      • 🧩Registry API's
      • 🔒Encryption API's
      • 📯Restore Point API's
      • 👾Exfiltration API's
      • 🦉Data Wiping API's
      • 📨Shadow Copy API's
      • 🪼What is Malicious API's Functions
      • 🌪️System Information API's
      • 🌀Network Information API's
  • 🪟Windows Internal
    • 📡Windows Internal
      • 🦐Why Windows Internal ?
        • 🏵️Process
        • 🧵Thread
        • 🪭Handle
        • 🌐Memory
        • ☢️Ram
        • 🤖ROM
  • 👁️‍🗨️Malware Technique
    • 📓Malware Technique
    • 💢Obfuscation
      • 🦾Anti-Debugging Techniques
      • 🏗️Instruction Substitution
      • 📔Code Obfuscation
      • 📦Code Packing
      • 💈Polymorphism
      • 🌬️Control Flow Obfuscation
      • 🪅Data Obfuscation
      • 💅Metadata Obfuscation
      • 🎣Metamorphism
      • ⛲Runtime Obfuscation
    • 🛌Persistence Mechanism
      • 🔰Registry Persistence Mechanism
      • 🗑️Task Sch Persistence Mechanism
      • 📂Startup Folder
      • 🎋AppData Folder
      • 🪹Temp Folder
  • ⚔️Malware Resources
    • 👻Malware Resources
    • 🎇Malware Sample Resources
      • 🌡️VirusShare
      • ♠️MalShare
      • 🚥MalwareTraffic
      • 🚏Malware Bazaar
  • Malware Analysis Toolkit
    • 🧌Windows Malware Analysis Toolkit
      • 💉Common Online Malware Analysis Toolkit
        • 💎Joe Sandbox
        • 🎪VT - VirusTotal
        • 👽Threat.Zone
        • 🐦Hybrid Analysis
        • 🦄Any.run
        • 🥫Filescan
      • 🥝Static Analysis Tools
        • 🍡Advance Static Analysis Tool
      • 💠Dynamic Analysis Tool
        • Advance Dynamic Analysis Tool
      • 🥜Network Analysis Tool
      • 🥟String Dumpers Toolkit
        • 📏Strings
        • 🦞Floss
    • 📱Android Malware Analysis Toolkit
      • 🕹️Static Analysis Toolkit
      • 💠Dynamic Analysis Toolkit
      • 🫒Online Analysis Toolkit
    • 📱IPHONE Malware Analysis Toolkit
      • 🥢Static Analysis Toolkit
      • ♦️Dynamic Analysis Toolkit
    • 💻MAC OSX Malware Analysis Toolkit
      • 📯Static Analysis Toolkit
      • 🍭Dynamic Analysis Toolkit
      • 🌬️Online Analysis Toolkit
  • Books and Guidelines
    • 🔋Books and Guidelines for Malware Analysis .
      • 🏋️‍♀️Android Malware Analysis 101
      • 🥖Common Anti-Forensics
      • 🦣Memory Forensics GUI
      • 📼Assembly for Malware Analyst
      • 💾Disk Image Forensics
      • ⚡Volatility Noob to Pro
  • 📋Malware Analysis Tips
    • 🖇️Malware Analysis Tips
      • 🏮Memory Malware Analysis
      • 🐜Technique to Investigate Process
      • 💥Process Lists 1
      • 💥Process Lists 2
      • 💥Process Lists 3
  • 🧽Incident Response
    • 🐳What is Incident Response
      • Incident Response Tools
      • Incident Response Toolkit
  • Technical Analysis Report
    • 🦎Technical Analysis Report
      • 🧲Stuxnet Memory Analysis
  • 🚨Rootkit Removal
    • 🤖Rootkit Removal
  • 🗜️Antivirus Artifact
    • 〽️Antivirus Artifact
      • 🀄Antivirus Process Name
  • 🧠Malware Author Mindset
    • 💽Malware Author Mindset
      • 🍫How Malware Author Terminate Antivirus Process during runtime ?
Powered by GitBook
On this page
  1. Malware Introduction
  2. What is Malware
  3. Rootkit

Bootkit

A bootkit is a type of malware that infects the boot process of a computer, targeting the Master Boot Record (MBR) or the boot sector of a hard drive. Bootkits are designed to load before the operating system, giving them the ability to execute before traditional antivirus software and operating system protections can be engaged.

Key Characteristics of Bootkits

  1. Pre-Operating System Execution

    • Early Load: Bootkits are loaded before the operating system starts, which allows them to bypass many traditional security measures and evade detection by antivirus software.

    • Boot Sector Infection: They typically infect the boot sector or MBR of a hard drive. This means they execute during the boot process, making them difficult to detect and remove.

  2. Types of Bootkits

    • MBR Bootkits: Target the Master Boot Record (MBR) of a hard drive. They modify the MBR to load malicious code before the operating system starts.

    • UEFI/BIOS Bootkits: Target the UEFI (Unified Extensible Firmware Interface) or BIOS (Basic Input/Output System) firmware. These are harder to detect and remove because they operate at a lower level than the operating system.

  3. Common Functions

    • Persistence: Ensures that the malware remains on the system even if the operating system is reinstalled or the hard drive is reformatted.

    • Stealth: Hides itself and other malicious activities from the operating system and security software by intercepting and altering system boot processes.

    • Control: Allows attackers to gain control of the system early in the boot process, providing the ability to install additional malware, steal information, or manipulate system operations.

  4. Detection and Prevention

    • Boot Sector Scanners: Specialized tools designed to scan and detect anomalies in the boot sector or MBR.

    • UEFI/BIOS Integrity Checks: Monitoring and verifying the integrity of UEFI/BIOS firmware to detect unauthorized modifications.

    • Secure Boot: Utilizing secure boot features to ensure that only trusted and signed bootloaders and operating systems are loaded during the boot process.

    • Firmware Updates: Keeping firmware up to date with the latest security patches to protect against vulnerabilities exploited by bootkits.

  5. Incident Response

    • Containment: Isolating affected systems to prevent further spread or damage caused by the bootkit.

    • Eradication: Removing the bootkit, which may require specialized tools or a full system reinstallation, including reformatting the hard drive and reinstalling the operating system.

    • Recovery: Restoring systems from clean backups and implementing security measures to prevent future infections, such as enabling secure boot and applying firmware updates.

PreviousRootkitNextNations State APT

Last updated 10 months ago

🕷️
💡
🛴
🫚
Page cover image