Bootkitty

Malware updated 8 months ago (2025-02-19T22:26:04.215Z)

Download STIX

Preview STIX

Not enough context has been learned about Bootkitty for a description yet. However we're tracking it as a Malware profile. Malware: Malware, short for malicious software, is a harmful program designed to exploit and damage your computer or device. It can infect your system through suspicious downloads, emails, or websites, often without your knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom.

Description last updated:

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Linux

Bootkit

Malware

Firmware

Ubuntu

Exploit

Windows

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Blacklotus Malware is associated with Bootkitty. BlackLotus is a harmful malware that targets the Unified Extensible Firmware Interface (UEFI) and Secure Boot systems, exploiting their vulnerabilities to gain persistent kernel access and privileges. It was first detected in 2022 when security researchers discovered a UEFI bootkit being sold on hac	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Alphv Threat Actor is associated with Bootkitty. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The vulnerability CVE-2020-26200 is associated with Bootkitty.	Unspecified	2

Source Document References

Information about the Bootkitty Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	23 days ago	HybridPetya Mimics NotPetya, Adds UEFI Compromise
Securityaffairs	25 days ago	HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya
ESET	25 days ago	Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
ESET	8 months ago	UEFI Secure Boot: Not so secure
ESET	8 months ago	Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
ESET	8 months ago	Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET	8 months ago	Bootkitty: A new chapter in UEFI threats
DARKReading	10 months ago	'Bootkitty' First Bootloader to Take Aim at Linux
BankInfoSecurity	10 months ago	Just Like Windows: Linux Targeted by First-Ever UEFI Bootkit
Securityaffairs	10 months ago	Bootkitty is the first UEFI Bootkit designed for Linux systems
InfoSecurity-magazine	10 months ago	New Bootkit “Bootkitty” Targets Linux Systems via UEFI