Posts

Showing posts from January, 2026

Revisiting MoonBounce: Research Notes

Technical Analysis and Design Insights into the DXE Core

“To understand the immeasurable, the mind must be extraordinarily quiet, still.” — Jiddu Krishnamurti

Seeker (李标明) · @clibm079
China · Independent Malware Analyst & Researcher
From 2026.01.17 to 2026.01.28

Prologue: Ever climbing, ever deeper

Last time, I shared the report “Revisiting LoJax Supplementary Analysis and Research Notes,” and here, to take my personal firmware study further, I move on to the next APT group's sample, MoonBounce, which Kaspersky's global research team documents as the 'MoonBounce' UEFI firmware implant and links to APT41 (also known as Winnti). When I started to analyze it, I suddenly became aware that I had very limited knowledge and experience for the task, so, as before when making research notes, the first thing I needed to do was...