MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #669 from Delta-Sierra/main

Browse source 
add ESPecter Bootkit
This commit is contained in:
Alexandre Dulaunoy 2021-11-19 16:35:02 +01:00 committed by GitHub
commit f98996bfc6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
clusters/tool.json
View file

@ -8439,7 +8439,18 @@
},
"uuid": "b1c4f468-1c55-40aa-bce4-c3772ef83d0c",
"value": "BLUELIGHT"
},
{
"description": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which weve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kasperskys recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax.",
"meta": {
"refs": [
"https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/",
"https://github.com/eset/malware-ioc/tree/master/especter"
]
},
"uuid": "d5b31712-a5b4-4b1c-9a74-4340abc61210",
"value": "ESPecter bootkit"
}
],
"version": 147
"version": 148
}