ROCKBOOT

Description

(FireEye) ROCKBOOT can access and write to the compromised system’s hard disk drive beneath the operating system and file system to bypass the normal MBR boot sequence and execute malware prior to the host operating system being initialized. ROCKBOOT does not contain a malicious payload but relies on a secondary payload for malicious activities, which is specified at install time.

Names

Name
ROCKBOOT

Type

Loader

Information

https://paper.bobylive.com/Security/APT_Report/APT-41.pdf

Mitre Attack

https://attack.mitre.org/software/S0112/

Other Information

Uuid

135aca6a-613b-46e9-92c3-b812c08643fb

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

ROCKBOOT

ROCKBOOT

Description

Names

Category

Type

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks