Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Intel]: https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/ #817

Open
timb-machine opened this issue Dec 6, 2024 · 0 comments
Open

[Intel]: https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/ #817

timb-machine opened this issue Dec 6, 2024 · 0 comments
Assignees
@timb-machine
Labels
confirmed

Comments

@timb-machine
Copy link
Owner

Area

Malware reports

Parent threat

Resource Development, Persistence, Defense Evasion

Finding

https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/

Industry reference

attack:T1542.003:Bootkit
attack:T1547.006:Kernel Modules and Extensions
attack:T1587.00:Malware
attack:T1587.002Code Signing Certificates
attack:T1106:Native API
attack:T1129:Shared Modules
attack:T1574.006:Dynamic Linker
attack:T1542.003
attack:T1014:Rootkit
attack:T1562:Impair Defenses
attack:T1564:Hide Artifacts

Malware reference

Bootkitty
BCDropper
BCObserver

Actor reference

No response

Component

Linux

Scenario

Consumer, Internal enterprise services, Enterprise with satellite facilities, Enterprise with contracted services and/or non-employee access
@timb-machine timb-machine self-assigned this Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timb-machine timb-machine

Labels
confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@timb-machine