{"description": "Enterprise techniques used by BFG Agonizer, ATT&CK software S1136 (v1.0)", "name": "BFG Agonizer (S1136)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1554", "comment": "[BFG Agonizer](https://attack.mitre.org/software/S1136) uses DLL unhooking to remove user mode inline hooks that security solutions often implement. [BFG Agonizer](https://attack.mitre.org/software/S1136) also uses IAT unhooking to remove user-mode IAT hooks that security solutions also use.(Citation: Unit42 Agrius 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1561", "showSubtechniques": true}, {"techniqueID": "T1561.002", "comment": "[BFG Agonizer](https://attack.mitre.org/software/S1136) retrieves a device handle to \\\\\\\\.\\\\PhysicalDrive0 to wipe the boot sector of a given disk.(Citation: Unit42 Agrius 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1490", "comment": "[BFG Agonizer](https://attack.mitre.org/software/S1136) wipes the boot sector of infected machines to inhibit system recovery.(Citation: Unit42 Agrius 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1529", "comment": "[BFG Agonizer](https://attack.mitre.org/software/S1136) uses elevated privileges to call NtRaiseHardError to induce a \"blue screen of death\" on infected systems, causing a system crash. Once shut down, the system is no longer bootable.(Citation: Unit42 Agrius 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by BFG Agonizer", "color": "#66b1ff"}]}