AlienVault OTX pulse: Diving Into Glupteba's UEFI Bootkit
TLP: WHITE | Tag: Glupteba | Author: AlienVault | Created: 2024-02-13 | Modified: 2024-02-13
52 IOCs (high volume)
This pulse summarises a report on the infection chain of a new Glupteba campaign that ran around November 2023. The analysis reveals that Glupteba uses a previously undocumented UEFI bootkit that intervenes in and takes control of the OS boot process, which lets Glupteba hide itself from the running operating system and establish stealthy persistence that survives reinstallation of the OS. The identification of this novel UEFI bypass technique underscores Glupteba's capacity for innovation and evasion, and it poses a significant detection challenge: endpoint tooling that runs inside the booted OS can be subverted before it starts.
MITRE ATT&CK techniques and malware families
ATT&CK techniques: none listed on this pulse
Malware families: Glupteba, PrivateLoader, SmokeLoader
Indicators of Compromise (6 of 52 shown; the full pulse carries FileHash-MD5, FileHash-SHA1, FileHash-SHA256 and domain indicators)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 01e86a4dfe6e0de7857b3cf2fafd041c | (none) | 2024-02-13
FileHash-MD5 | 0c8f305fb05348c1c194b951deafbce5 | (none) | 2024-02-13
FileHash-MD5 | 8f56db1681ac00a5f05e9746414ebfe9 | (none) | 2024-02-13
FileHash-MD5 | 9fdb7c1359f3f2f7279f1df4bde648c0 | (none) | 2024-02-13
FileHash-MD5 | d91200f27b0de081354ef30c390086c5 | (none) | 2024-02-13
FileHash-MD5 | f8c080b6120c8ad51706a87a197f3a96 | (none) | 2024-02-13
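The practical use of a hash-only pulse like this one is to sweep a file system for the listed digests. The script below is an added example and is not code from the pulse or from the underlying report: it loads the six MD5 indicators shown above, buckets indicators by algorithm (MD5, SHA1 and SHA256 are all types the full pulse carries, so a longer export from OTX can be fed in unchanged), hashes every regular file once per needed algorithm, and reports matches. The sample directory, the files in it and the "planted" indicator in demo() are constructed for the demonstration; the function and variable names are the example's own.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# The six FileHash-MD5 indicators shown on this pulse page (the full pulse has 52 IOCs).
PULSE_MD5 = {
    "01e86a4dfe6e0de7857b3cf2fafd041c",
    "0c8f305fb05348c1c194b951deafbce5",
    "8f56db1681ac00a5f05e9746414ebfe9",
    "9fdb7c1359f3f2f7279f1df4bde648c0",
    "d91200f27b0de081354ef30c390086c5",
    "f8c080b6120c8ad51706a87a197f3a96",
}

# Hex-digest length identifies the algorithm for the three FileHash-* types OTX uses.
HASH_ALGOS = {"md5": 32, "sha1": 40, "sha256": 64}
HEX_CHARS = set("0123456789abcdef")


def load_indicators(indicators: Iterable[str]) -> Dict[str, Set[str]]:
    """Normalise indicators to lowercase hex and bucket them by algorithm.

    Malformed entries raise instead of being silently ignored, so a bad export
    cannot produce a quietly empty scan.
    """
    by_algo: Dict[str, Set[str]] = {name: set() for name in HASH_ALGOS}
    for raw in indicators:
        digest = raw.strip().lower()
        if not digest or not set(digest) <= HEX_CHARS:
            raise ValueError(f"not a hex digest: {raw!r}")
        for name, length in HASH_ALGOS.items():
            if len(digest) == length:
                by_algo[name].add(digest)
                break
        else:
            raise ValueError(f"unsupported digest length {len(digest)}: {raw!r}")
    return by_algo


def hash_file(path: Path, algos: Iterable[str]) -> Dict[str, str]:
    """Read the file once and feed every requested hasher from the same chunks."""
    hashers = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root: str, indicators: Iterable[str]) -> Iterator[Tuple[Path, str, str]]:
    """Yield (path, algorithm, digest) for every regular file matching an indicator."""
    by_algo = load_indicators(indicators)
    wanted = [name for name, digests in by_algo.items() if digests]
    if not wanted:
        return
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            path = Path(dirpath) / filename
            # Skip symlinks and special files; a symlink could point the scan anywhere.
            if path.is_symlink() or not path.is_file():
                continue
            try:
                digests = hash_file(path, wanted)
            except OSError:
                continue  # unreadable file: a real sweep would log this
            for name in wanted:
                if digests[name] in by_algo[name]:
                    yield path, name, digests[name]


def demo() -> Dict[str, object]:
    """Build a constructed sample tree and scan it twice: once with only the pulse
    indicators (expect no hits) and once with a constructed MD5 planted into the
    indicator set so the match path is exercised."""
    root = tempfile.mkdtemp(prefix="glupteba_ioc_demo_")
    benign = Path(root) / "benign.txt"
    benign.write_bytes(b"constructed benign content\n")
    sample = Path(root) / "sub" / "sample.bin"
    sample.parent.mkdir()
    sample.write_bytes(b"constructed sample standing in for a dropped binary")
    planted_md5 = hashlib.md5(sample.read_bytes()).hexdigest()  # constructed indicator
    baseline: List[Tuple[Path, str, str]] = list(scan_tree(root, PULSE_MD5))
    hits: List[Tuple[Path, str, str]] = list(scan_tree(root, PULSE_MD5 | {planted_md5}))
    return {"root": root, "planted_md5": planted_md5, "baseline_hits": baseline, "hits": hits}


if __name__ == "__main__":
    result = demo()
    for path, algo, digest in result["hits"]:
        print(f"MATCH {algo} {digest} {path}")
```

Two caveats a practitioner should keep in mind. First, file hashes are brittle: a repacked or re-signed dropper will not match, so the six digests above are a starting point for retrospective hunting, not a detection rule. Second, and specific to this pulse, the bootkit hides itself from the booted OS, so a sweep like this run from inside a suspected system may not see the UEFI component at all; inspecting the EFI System Partition and firmware from a trusted boot medium is the check that matters there.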