 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: MoonBounce| Names | MoonBounce | |
| Category | Malware | |
| Type | Backdoor, Rootkit | |
| Description | (Kaspersky) The UEFI implant, which was detected in spring 2021 , was found to have been incorporated by the attackers into the CORE_DXE component of the firmware (also known as the DXE Foundation), which is called early on at the DXE (Driver Execution Environment) phase of the UEFI boot sequence. Among other things, this component is responsible for initializing essential data structures and function interfaces, one of which is the EFI Boot Services Table – a set of pointers to routines that are part of the CORE_DXE image itself and are callable by other DXE drivers in the boot chain. | |
| Information | <https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.moonbounce> | |
Last change to this tool card: 27 December 2022
Download this tool card in JSON format
Previous: Mongall
Next: MOONSHINE
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | APT 41 |  | 2012-Feb 2023 |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |