ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: MoonBounce

Names: MoonBounce
Category: Malware
Type: Backdoor, Rootkit
Description: (Kaspersky) The UEFI implant, which was detected in spring 2021, was found to have been incorporated by the attackers into the CORE_DXE component of the firmware (also known as the DXE Foundation), which is called early on at the DXE (Driver Execution Environment) phase of the UEFI boot sequence. Among other things, this component is responsible for initializing essential data structures and function interfaces, one of which is the EFI Boot Services Table – a set of pointers to routines that are part of the CORE_DXE image itself and are callable by other DXE drivers in the boot chain.
Information: <https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.moonbounce>

Last change to this tool card: 27 December 2022

All groups using tool MoonBounce

Changed | Name | Country | Observed

APT groups

 | APT 41 | China | 2012-Aug 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)
