add ESPecter Bootkit
parent
c89623e945
commit
78a8cf4ad2
1 changed files with 3 additions and 2 deletions
|
@ -8441,14 +8441,15 @@
|
||||||
"value": "BLUELIGHT"
|
"value": "BLUELIGHT"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "ESPecter bootkit",
|
|
||||||
"description": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kaspersky’s recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax.",
|
"description": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kaspersky’s recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/",
|
"https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/",
|
||||||
"https://github.com/eset/malware-ioc/tree/master/especter"
|
"https://github.com/eset/malware-ioc/tree/master/especter"
|
||||||
]
|
]
|
||||||
}
|
},
|
||||||
|
"uuid": "d5b31712-a5b4-4b1c-9a74-4340abc61210",
|
||||||
|
"value": "ESPecter bootkit"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 148
|
"version": 148
|
||||||
|
|
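Review bot: The `"version": 148` line at the end of the hunk is unchanged context even though the ESPecter entry is modified here (a `uuid` is added and `value` is moved to the end of the object). If the commit that first introduced the entry did not already bump it, instances that decide whether to re-import a galaxy by its version number may keep the uuid-less copy; `"version": 149` would avoid that. Separately, the `description` is ESET's text in the first person ("which we’ve named ESPecter"), which in a shared cluster reads as if the galaxy maintainers named the bootkit. Wording such as `The bootkit, which ESET named ESPecter, can bypass Windows Driver Signature Enforcement ...` makes the attribution explicit for analysts who see only the cluster text. The enclosing array and file begin outside the hunk, so the state of neighbouring entries cannot be checked from here.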