From 78a8cf4ad296c3d0d7d63ee331804f4f37cc3d7d Mon Sep 17 00:00:00 2001
From: Delta-Sierra <deborah.servili@gmail.com>
Date: Fri, 19 Nov 2021 16:30:57 +0100
Subject: [PATCH] add ESPecter Bootkit

---
 clusters/tool.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 1985544c..e46e1665 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8441,14 +8441,15 @@
       "value": "BLUELIGHT"
     },
     {
-      "value": "ESPecter bootkit",
       "description": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kaspersky’s recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax.",
       "meta": {
         "refs": [
           "https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/",
           "https://github.com/eset/malware-ioc/tree/master/especter"
         ]
-      }
+      },
+      "uuid": "d5b31712-a5b4-4b1c-9a74-4340abc61210",
+      "value": "ESPecter bootkit"
     }
   ],
   "version": 148