CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 5e6b32ec-5b41-4e22-bec2-9128b74b5a91 |
| Fingerprint | b69a31892831a783 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 25, 2022, 10 a.m. |
| Added to db | Sept. 11, 2022, 12:43 p.m. |
| Last updated | Nov. 14, 2024, 7:54 p.m. |
| Headline | CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit |
| Title | CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit |
| Detected Hints/Tags/Attributes | 79/2/21 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 1 | AS48024 |
|
| Details | Autonomous System Number | 1 | AS58461 |
|
| Details | Autonomous System Number | 1 | AS30633 |
|
| Details | Autonomous System Number | 17 | AS4134 |
|
| Details | Domain | 1 | update.bokts.com |
|
| Details | Domain | 1 | erda158.to |
|
| Details | Domain | 1 | www.erda158.top |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | md5 | 1 | DDFE44F87FAC7DAEEB1B681DEA3300E9 |
|
| Details | md5 | 1 | E31C43DD8CB17E9D68C65E645FB3F6E8 |
|
| Details | md5 | 1 | ddfe44f87fac7daeeb1b681dea3300e9 |
|
| Details | sha1 | 1 | 9a7291fc90f56d8c46cc78397a6f36bb23c60f66 |
|
| Details | sha256 | 1 | 951f74882c1873bfe56e0bff225e3cd5d8964af4f7334182bc1bf0ec9e987a0a |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 24 | 222.222.67.208 |
|
| Details | IPv4 | 1 | 58.84.53.194 |
|
| Details | IPv4 | 1 | 115.239.210.27 |
|
| Details | IPv4 | 1 | 23.82.12.30 |
|
| Details | IPv4 | 1 | 23.82.12.31 |
|
| Details | IPv4 | 2 | 23.82.12.32 |