Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:01:30 UTC
Home > List all groups > List all tools > List all groups using tool ROCKBOOT
 Tool: ROCKBOOT
Names ROCKBOOT
Category Malware
Type Loader
Description
(FireEye) ROCKBOOT can access and write to the compromised system's hard disk
drive beneath the operating system and file system to bypass the normal MBR boot
sequence and execute malware prior to the host operating system being initialized.
ROCKBOOT does not contain a malicious payload but relies on a secondary payload
for malicious activities, which is specified at install time.
Information MITRE ATT&CK Last change to this tool card: 22 April 2020
Download this tool card in JSON format
All groups using tool ROCKBOOT
Changed Name Country Observed
APT groups
 APT 41 2012-Jul 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=135aca6a-613b-46e9-92c3-b812c08643fb
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=135aca6a-613b-46e9-92c3-b812c08643fb
Page 1 of 1