LoJax

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[LoJax](https://attack.mitre.org/software/S0397) is a UEFI rootkit used by [APT28](https://attack.mitre.org/groups/G0007) to persist remote access software on targeted systems.(Citation: ESET LoJax Sept 2018)

Associated Techniques (5)

ID	ATT&CK	Tactics
T1014	Rootkit	-
T1112	Modify Registry	-
T1542.001	System Firmware	-
T1547.001	Registry Run Keys / Startup Folder	-
T1564.004	NTFS File Attributes	-

Used by Actors (1)

APT28
Nation-state

Metadata

ID:	514
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00