Esc

ROMMONkit - T1542.004

(ATT&CK® Technique)

Definition

Adversaries may abuse the ROM Monitor (ROMMON) by loading an unauthorized firmware with adversary code to provide persistent access and manipulate device behavior that is difficult to detect.

D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.

        graph LR;

     T1542004["ROMMONkit"] --> |modifies| SystemFirmware["System Firmware"]; class T1542004 OffensiveTechniqueNode;
        class SystemFirmware ArtifactNode; click SystemFirmware href "/dao/artifact/d3f:SystemFirmware";
        click T1542004 href "/offensive-technique/attack/T1542.004/"; click SystemFirmware href "/dao/artifact/d3f:SystemFirmware";             SystemFirmwareVerification["System Firmware Verification"] -->
          | verifies | SystemFirmware["System Firmware"];

          SystemFirmwareVerification["System Firmware Verification"] -.->
            | may-detect | T1542004["ROMMONkit"] ;
          class SystemFirmwareVerification DefensiveTechniqueNode;
          class SystemFirmware ArtifactNode;
          click SystemFirmwareVerification href "/technique/d3f:SystemFirmwareVerification";              SoftwareUpdate["Software Update"] -->
          | updates | SystemFirmware["System Firmware"];

          SoftwareUpdate["Software Update"] -.->
            | may-harden | T1542004["ROMMONkit"] ;
          class SoftwareUpdate DefensiveTechniqueNode;
          class SystemFirmware ArtifactNode;
          click SoftwareUpdate href "/technique/d3f:SoftwareUpdate";      FirmwareVerification["Firmware Verification"] -->
          | verifies | SystemFirmware["System Firmware"];

          FirmwareVerification["Firmware Verification"] -.->
            | may-detect | T1542004["ROMMONkit"] ;
          class FirmwareVerification DefensiveTechniqueNode;
          class SystemFirmware ArtifactNode;
          click FirmwareVerification href "/technique/d3f:FirmwareVerification";                                                RestoreSoftware["Restore Software"] -->
          | restores | SystemFirmware["System Firmware"];

          RestoreSoftware["Restore Software"] -.->
            | may-restore | T1542004["ROMMONkit"] ;
          class RestoreSoftware DefensiveTechniqueNode;
          class SystemFirmware ArtifactNode;
          click RestoreSoftware href "/technique/d3f:RestoreSoftware"; FirmwareBehaviorAnalysis["Firmware Behavior Analysis"] -->
          | analyzes | SystemFirmware["System Firmware"];

          FirmwareBehaviorAnalysis["Firmware Behavior Analysis"] -.->
            | may-detect | T1542004["ROMMONkit"] ;
          class FirmwareBehaviorAnalysis DefensiveTechniqueNode;
          class SystemFirmware ArtifactNode;
          click FirmwareBehaviorAnalysis href "/technique/d3f:FirmwareBehaviorAnalysis"; FirmwareEmbeddedMonitoringCode["Firmware Embedded Monitoring Code"] -->
          | analyzes | SystemFirmware["System Firmware"];

          FirmwareEmbeddedMonitoringCode["Firmware Embedded Monitoring Code"] -.->
            | may-detect | T1542004["ROMMONkit"] ;
          class FirmwareEmbeddedMonitoringCode DefensiveTechniqueNode;
          class SystemFirmware ArtifactNode;
          click FirmwareEmbeddedMonitoringCode href "/technique/d3f:FirmwareEmbeddedMonitoringCode";

json