T1547 - Boot Or Logon Autostart Execution - MITRE ATT&CK

Threat entity extracted from intelligence sources

Frequency
165
occurrences
First Seen
January 28, 2026
Last Seen
July 16, 2026

T1547 - Boot Or Logon Autostart Execution is a mitre_attack tracked across 50 threat clusters and 165 intelligence report mentions on ThreatCluster. First observed January 28, 2026; most recent activity July 16, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • New ClickLock macOS malware traps users into revealing login password — Bleepingcomputer · July 16, 2026
  • Microsoft revokes legacy UEFI shims to prevent Secure Boot bypasses — Feeds.4Sysops · July 15, 2026
  • Eleven Vulnerable UEFI Shims Enable Secure Boot Bypass — Infosecurity-Magazine · July 15, 2026
  • Vulnerable UEFI shims allow decade — Feeds.4Sysops · July 15, 2026
  • EtherHiding to ClickFix Analysis — www.derp.ca · July 15, 2026
  • Old Microsoft — Feeds.Feedburner · July 14, 2026
  • Forgotten UEFI shims undermining Secure Boot — Welivesecurity · July 14, 2026
  • Six Minutes to Compromise: How 'Patriot Bait' Actor Used AI to Build and Deploy a C&C Botnet — Trendmicro · July 14, 2026

CVSS v3.1 Breakdown