/bootkit-samples

Bootkit sample for firmware attack

Bootkit samples

Bootkit sample from real-life attack. Be careful about tweaking the sample for research purpose.

Password: danger

Bootkits has been found in the wild

Malware/Bootkits Disclosure date 1st blood Infection type Targeted OS Malware “vendor”
Vector-EDK (Leaked source code) 2015 2014 DXE ? HackingTeam
DerStarke 2016 2013? DXE Windows/Linux/MacOS Vault7
QuarkMatter 2016 2013? ESP Windows/Linux Vault7
LoJaX 2018 2017 or earlier DXE Windows APT28
TrickBot/TrickBoot 2020 2017 DXE Windows N/A
FinSpy 2021 2011 MBR/ESP Windows/Linux/MacOS N/A
ESPecter 2021 2012/2020 MBR/ESP Windows N/A
Rovnix (Leaked source code) 2011 ? MBR/VBR Windows N/A
Implant.ARM.iLOBleed.a 2021 ? BMC Linux N/A

Threat model - "Know your enemy"

1