Revisiting MoonBounce: Research Notes
Technical Analysis and Design Insights into the DXE Core

"To understand the immeasurable, the mind must be extraordinarily quiet, still." — Jiddu Krishnamurti

Seeker (李标明) · @clibm079
China · Independent Malware Analyst & Researcher
From 2026.01.17 to 2026.01.28

Prologue: Ever climbing, ever deeper

Last time, I shared the report "Revisiting LoJax: Supplementary Analysis and Research Notes." Here, to go further in a personal firmware study, I move on to the next APT group's sample, MoonBounce, which Kaspersky's global research team documents as the 'MoonBounce' UEFI firmware implant and links to APT41 (also known as Winnti). When I started to analyze it, I suddenly became aware that I had very limited knowledge and experience for the task, so, as before when making research notes, the first thing I needed to do was...