ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool ROCKBOOT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: ROCKBOOT

NamesROCKBOOT
CategoryMalware
TypeLoader
Description(FireEye) ROCKBOOT can access and write to the compromised system's hard disk drive beneath the operating system and file system to bypass the normal MBR boot sequence and execute malware prior to the host operating system being initialized. ROCKBOOT does not contain a malicious payload but relies on a secondary payload for malicious activities, which is specified at install time.
Information<https://paper.bobylive.com/Security/APT_Report/APT-41.pdf>
MITRE ATT&CK<https://attack.mitre.org/software/S0112/>

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

All groups using tool ROCKBOOT

ChangedNameCountryObserved

APT groups

 APT 41China2012-Aug 2020 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key