fixes top

magicsword-io · Aug 3, 2023 · 1b3b0b6 · 1b3b0b6
1 parent 4735bdc
commit 1b3b0b6
Show file tree

Hide file tree

Showing 527 changed files with 10,656 additions and 8,138 deletions.
diff --git a/bin/site.py b/bin/site.py
@@ -74,34 +74,25 @@ def write_bootloaders_csv(bootloaders, output_dir, VERBOSE):
 
 
 
-def write_top_products(bootloaders, output_dir, top_n=5):
-    products_count = {}
-
+def write_top_os(bootloaders, output_dir, top_n=5):
+    os_count = {}
     for bootloader in bootloaders:
-        for hash_info in bootloader['KnownVulnerableSamples']:
-            product_name = hash_info['Product']
-
-            if not product_name:
-                continue
-
-            product_name = product_name.strip().replace(',', '')
-
-            if product_name.lower() == 'n/a' or product_name.isspace():
-                continue
-
-            if product_name not in products_count:
-                products_count[product_name] = 0
-
-            products_count[product_name] += 1
-
-    sorted_products = sorted(products_count.items(), key=lambda x: x[1], reverse=True)[:top_n]
-
-    with open(f"{output_dir}/content/bootloaders_top_{top_n}_products.csv", "w") as f:
+        command = bootloader.get('Commands')
+        if not command:
+            continue
+        os_name = command.get('OperatingSystem')
+        if not os_name or os_name.isspace() or os_name.lower() == 'n/a':
+            continue
+        os_name = os_name.strip().replace(',', '')
+        if os_name not in os_count:
+            os_count[os_name] = 0
+        os_count[os_name] += 1
+    sorted_os = sorted(os_count.items(), key=lambda x: x[1], reverse=True)[:top_n]
+    with open(f"{output_dir}/content/bootloaders_top_{top_n}_os.csv", "w") as f:
         writer = csv.writer(f)
-
-        for product, count in sorted_products:
+        for os, count in sorted_os:
             for _ in range(count):
-                writer.writerow([count, product])
+                writer.writerow([count, os])
 
 def write_top_publishers(bootloaders, output_dir, top_n=5):
     publishers_count = {}
@@ -191,8 +182,8 @@ def generate_doc_bootloaders(REPO_PATH, OUTPUT_DIR, TEMPLATE_PATH, messages, VER
             writer.writerow([link, sha256, bootloader['Category'].capitalize(), bootloader['Created']])
     messages.append("site_gen.py wrote bootloaders table to: {0}".format(OUTPUT_DIR + '/content/bootloaders_table.csv'))
 
-    # write top 5 products
-    write_top_products(bootloaders, OUTPUT_DIR)
+    # write top 5 os
+    write_top_os(bootloaders, OUTPUT_DIR)
     messages.append("site_gen.py wrote bootloaders products to: {0}".format(OUTPUT_DIR + '/content/bootloaders_top_n_products.csv'))
 
     return bootloaders, messages

diff --git a/bootloaders.io/content/_index.md b/bootloaders.io/content/_index.md
@@ -9,7 +9,7 @@ title = "bootloaders.io"
   title = "Bootkit List"
 
 [dataset2]
-  fileLink = "content/bootloaders_top_5_products.csv"
+  fileLink = "content/bootloaders_top_5_os.csv"
   colors = ["#ef7f1a", "#627c62", "#11819b", "#4e1154", "#a1c9a2", "#38a9d9", "#f9b34c", "#824da4", "#e0c7c2", "#c2c2a3", "#d6a994", "#f2c057"] # chart colors
   columnTitles = ["Count", "Name"] # optional if not table will be displayed from dataset
   baseChartOn = 2 # number of column the chart(s) and graph should be drawn from # can be overridden directly via shortcode parameter # it's therefore optional
@@ -38,7 +38,7 @@ You can also access the malicious bootkit list via **API** using [CSV](api/bootl
 
 {{< column "mt-4">}}
 
-# Top OS
+# Top Architecture
 
 {{% chart "dataset2" "pie" %}}
 

diff --git a/bootloaders.io/content/api/bootloaders.json b/bootloaders.io/content/api/bootloaders.json
diff --git a/bootloaders.io/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md b/bootloaders.io/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md
@@ -22,7 +22,7 @@ This was provided by HP Inc. and revoked Apr-21
 - **Author**: Michael Haag
 - **Acknowledgement**:  | [](https://twitter.com/)
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
 {{< tip "warning" >}}
 
 {{< /tip >}}
@@ -57,10 +57,10 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sigma 🛡️
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
 
 {{< /details >}}
 
@@ -71,9 +71,9 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sysmon 🔎
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
 
 {{< /details >}}
 
@@ -113,10 +113,12 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### ImportedFunctions
@@ -136,7 +138,7 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 
 
-[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0072a990-7f8a-484c-8727-bd0912dd2ce6.yaml)
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0072a990-7f8a-484c-8727-bd0912dd2ce6.yaml)
 
 *last_updated:* 2023-08-02
 

diff --git a/bootloaders.io/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md b/bootloaders.io/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23
 - **Author**: Michael Haag
 - **Acknowledgement**:  | [](https://twitter.com/)
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
 {{< tip "warning" >}}
 
 {{< /tip >}}
@@ -57,10 +57,10 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sigma 🛡️
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
 
 {{< /details >}}
 
@@ -71,9 +71,9 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sysmon 🔎
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
 
 {{< /details >}}
 
@@ -106,10 +106,12 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### ImportedFunctions
@@ -129,7 +131,7 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 
 
-[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/025ed4ef-d8c6-492b-927f-a1eb484d7b89.yaml)
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/025ed4ef-d8c6-492b-927f-a1eb484d7b89.yaml)
 
 *last_updated:* 2023-08-02
 

diff --git a/bootloaders.io/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md b/bootloaders.io/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20
 - **Author**: Michael Haag
 - **Acknowledgement**:  | [](https://twitter.com/)
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
 {{< tip "warning" >}}
 
 {{< /tip >}}
@@ -57,10 +57,10 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sigma 🛡️
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
 
 {{< /details >}}
 
@@ -71,9 +71,9 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sysmon 🔎
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
 
 {{< /details >}}
 
@@ -113,10 +113,12 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### ImportedFunctions
@@ -136,7 +138,7 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 
 
-[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/02e8f438-8842-4018-8592-a4fea656bd01.yaml)
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/02e8f438-8842-4018-8592-a4fea656bd01.yaml)
 
 *last_updated:* 2023-08-02
 

diff --git a/bootloaders.io/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md b/bootloaders.io/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20
 - **Author**: Michael Haag
 - **Acknowledgement**:  | [](https://twitter.com/)
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
 {{< tip "warning" >}}
 
 {{< /tip >}}
@@ -57,10 +57,10 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sigma 🛡️
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
 
 {{< /details >}}
 
@@ -71,9 +71,9 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sysmon 🔎
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
 
 {{< /details >}}
 
@@ -113,10 +113,12 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### ImportedFunctions
@@ -136,7 +138,7 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 
 
-[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/03fbb84a-9153-4d42-aa08-c26fd8260bd1.yaml)
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/03fbb84a-9153-4d42-aa08-c26fd8260bd1.yaml)
 
 *last_updated:* 2023-08-02
 

diff --git a/bootloaders.io/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md b/bootloaders.io/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23
 - **Author**: Michael Haag
 - **Acknowledgement**:  | [](https://twitter.com/)
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c831903e223d70526791119b52eaa4df.bin" "Download" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c831903e223d70526791119b52eaa4df.bin" "Download" >}}
 {{< tip "warning" >}}
 
 {{< /tip >}}
@@ -57,10 +57,10 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sigma 🛡️
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} 
 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} 
 
 {{< /details >}}
 
@@ -71,9 +71,9 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 #### Sysmon 🔎
 {{< details "Expand" >}}
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} 
 
-{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} 
 
 {{< /details >}}
 
@@ -145,10 +145,12 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 {{< /details >}}
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### Imports
 {{< details "Expand" >}}
+* 
 
 {{< /details >}}
 #### ImportedFunctions
@@ -213,7 +215,7 @@ bcdedit /copy &#34;{current}&#34; /d &#34;LOLDrivers&#34; | {% if ($_ -match &#3
 
 
 
-[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0486fe15-0d77-4c66-9918-1278ef014f72.yaml)
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0486fe15-0d77-4c66-9918-1278ef014f72.yaml)
 
 *last_updated:* 2023-08-02