Final on Nostr: This malware is reported as a proof of concept. There's some limitations with this ...
This malware is reported as a proof of concept. There are some limitations with this sample, such as it doesn't work with UEFI Secure Boot enabled. Linux distributions do a shit job and not all support using it though. It's also likely to be found in digital forensic analysis.

Warez forums have sold bootkits with bypasses for these measures before, but they exploited known, patched CVEs. If zero-days are involved (like a nation state) they'd be better off with a remote exploit. A bootkit's main benefit is persistence.
Published at 2024-11-29 15:48:19

Event JSON
{
"id": "abe7b717c9d7e3392287a11cbe44ce806dd9832fc4051380ea276eecb736d33f",
"pubkey": "b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22",
"created_at": 1732895299,
"kind": 1,
"tags": [
[
"e",
"6ccead85933f7e3a7990da434a0d85a87382860c7b62ef0e0457ed1c708e6fc6",
"",
"root"
],
[
"e",
"6abc9c59747d820768f8237ec73416066a837828f91646c91914714fa6f190ab",
"",
"reply"
],
[
"p",
"b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22"
],
[
"p",
"3b7739f072df0d371a513e1ea2b967cc753ee40c6e46f7dab1f0c87f6969f7ac"
]
],
"content": "This malware is reported as a proof of concept. There's some limitations with this sample, such as it doesn't work with UEFI Secure Boot enabled. Linux distributions do a shit job and not all support using it though. It's also likely to be found in digital forensic analysis.\n\nWarez forums have sold bootkits with bypasses for these measures before, but they exploited known, patched CVEs. If zero-days are involved (like a nation state) they'd be better with a remote exploit. Bootkit main benefit is persistence.\n\n ",
"sig": "8204f3c8730857ca28f43b435d66d4ab372c4738c7499643065edc3ddec8b25cda5f0956db45e34e8691adbaf8776d83d1b2b3a1df6f7448bf9faa5ade79a8bd"
}