MosaicRegressor is a sophisticated espionage framework that uses UEFI bootkits and various downloader techniques to gain access to victim machines. The framework is modular and multi-stage: downloaders and intermediate loaders fetch and execute the payloads. In two known cases, the initial stage of the framework was installed in the victim's UEFI firmware, allowing it to persist even after a system restart. The downloader techniques include RAR SFX droppers and BITS downloaders, and the framework communicates with its command-and-control (C&C) server over several protocols. The payload is designed to gather sensitive information and can be customized to perform specific tasks. The framework also contains language artifacts and can run on both 32-bit and 64-bit systems. Overall, MosaicRegressor is a highly advanced and dangerous threat that organizations and individuals should take seriously.