IOC Radar
TLP:WHITE · 6 IOCs

Trusted UEFI Certificates Exploited to Bypass Kernel Security Protections

Source: Cyber Press
Published June 19, 2026 · Original Report


Attack Flow (5 steps · MITRE ATT&CK mapped; only step 1 of 5 is rendered on this page)

Step 1/5 · Execution (TA0002) · T1218 Signed Binary Proxy Execution (the technique now carries the name System Binary Proxy Execution in current ATT&CK)
Action: Execute malicious code via signed UEFI apps
Attackers leverage trusted, vendor-signed UEFI applications to execute arbitrary code during the pre-boot phase. Because the signing certificate is one the platform already trusts, Secure Boot loads the application, and code running at that stage executes before the operating system kernel and its security protections are in place.


Indicators of Compromise (6)

Type  Indicator                                 Tags                              Confidence  Score  First Seen
SHA1  dc18d31e46a541c9e42f9588554addc7dece124b  file-hash, indicator, intel-blog  Medium      53     Jun 20, 2026
SHA1  71dce405964c67779db92dbc01f683d6e29075ab  file-hash, indicator, intel-blog  Medium      53     Jun 20, 2026
SHA1  744565fbb35db710bcc1547292204763c731dc55  file-hash, indicator, intel-blog  Medium      53     Jun 20, 2026
SHA1  2eae2807a4265d9c30eeca68a8c59c7a6d1acfe7  file-hash, intel-blog, malware    Medium      53     Jun 20, 2026
SHA1  d275c2dfd884d2b7842c7f861c527a9ffc6e59dd  file-hash, indicator, intel-blog  Medium      53     Jun 20, 2026
SHA1  35fbd8ed5ed31d281a6146360cdefe7e8cec31da  file-hash, indicator, intel-blog  Medium      53     Jun 20, 2026

All six indicators are SHA1 file hashes with Medium confidence (score 53) and were ingested on Jun 20, 2026, the day after the report was published.
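A practitioner's first use of a hash-only IOC list like this one is a sweep of the EFI System Partition, where vendor-signed UEFI applications live. The script below is an added example, not code from the IOC Radar page or the Cyber Press report: it streams every file under a mount point through SHA1 and reports paths whose digest is in the table above. The mount point /boot/efi, the demo directory layout and the file contents are assumptions; the demo plants a constructed file and registers its own hash as an IOC for that run, since the real samples are not reproduced here.

```python
"""Sweep an EFI System Partition for the SHA1 file-hash IOCs in the table above.

Added example, not part of the Cyber Press report or the IOC Radar page. The
six hashes are copied from the table; /boot/efi and the demo tree are assumed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA1 file hashes from the IOC table (lower-case hex).
UEFI_IOC_SHA1 = {
    "dc18d31e46a541c9e42f9588554addc7dece124b",
    "71dce405964c67779db92dbc01f683d6e29075ab",
    "744565fbb35db710bcc1547292204763c731dc55",
    "2eae2807a4265d9c30eeca68a8c59c7a6d1acfe7",
    "d275c2dfd884d2b7842c7f861c527a9ffc6e59dd",
    "35fbd8ed5ed31d281a6146360cdefe7e8cec31da",
}


def sha1_of_file(path, chunk=1 << 20):
    """Stream the file through SHA1 so large EFI images need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_ioc(sha1_hex, iocs=UEFI_IOC_SHA1):
    """Normalise case and whitespace so hashes pasted from other reports still match."""
    return sha1_hex.strip().lower() in iocs


def sweep(root, iocs=UEFI_IOC_SHA1, only_efi=True):
    """Walk `root` (normally the mounted ESP) and return (path, sha1) for every
    file whose SHA1 is in `iocs`. With only_efi=True only *.efi files are
    hashed; pass only_efi=False to also catch payloads staged under another
    extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if only_efi and not name.lower().endswith(".efi"):
                continue
            p = Path(dirpath) / name
            try:
                digest = sha1_of_file(p)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if digest in iocs:
                hits.append((str(p), digest))
    return hits


def demo(only_efi=True):
    """Constructed demo tree: one benign loader, one planted *.efi and a renamed
    copy of it. The planted file's hash is added to the IOC set for this run."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp) / "EFI"
        (esp / "BOOT").mkdir(parents=True)
        (esp / "vendor").mkdir()
        (esp / "BOOT" / "BOOTX64.EFI").write_bytes(b"MZ benign loader (constructed)")
        payload = b"MZ planted sample (constructed)"
        (esp / "vendor" / "helper.efi").write_bytes(payload)
        (esp / "vendor" / "update.bin").write_bytes(payload)  # same bytes, renamed
        iocs = UEFI_IOC_SHA1 | {sha1_of_file(esp / "vendor" / "helper.efi")}
        return sweep(tmp, iocs=iocs, only_efi=only_efi)


if __name__ == "__main__":
    # Against a real host, mount the ESP (assumed at /boot/efi) and call
    # sweep("/boot/efi", only_efi=False). Here we run the constructed demo.
    for path, digest in demo(only_efi=False):
        print(f"IOC match: {path} sha1={digest}")
```

Run the sweep with only_efi=False on a live host: the default filter keeps the scan fast on large partitions, but a sample that has been renamed out of .efi would be missed, and the demo shows exactly that difference.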

IOC Relationship Graph

[Interactive graph: the 6 SHA1 file hashes above, each linked to the report "Trusted UEFI Certificates".]