MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add ESPecter bootkit

pull/669/head
Delta-Sierra 2021-11-16 08:17:37 +01:00
parent aeb5719448
commit c89623e945
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/tool.json
View File

@ -8439,7 +8439,17 @@
}, },
"uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c", "uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
"value": "BLUELIGHT" "value": "BLUELIGHT"
},
{
"value": "ESPecter bootkit",
"description": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which weve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kasperskys recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax.",
"meta": {
"refs": [
"https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/",
"https://github.com/eset/malware-ioc/tree/master/especter"
]
}
} }
], ],
"version": 147 "version": 148
} }