These samples contain an undocumented UEFI firmware bootkit that is actively exploited in the wild.

https://www.virustotal.com/gui/file/1336a5d6c078bbf7552052f1e8719e3a97c955a3b0b71d52aeeb7f4755ccb0d8/

https://www.virustotal.com/gui/file/16e037d7b5f6a8e02b73671e1214b7979eb5d0ab0fc1106cf4c321f0ff53e13a/

I think this is how this bootkit works:
Modifies UEFI firmware (likely inserts an SMM module in the ME region) -> you boot -> SMM module somehow hooks into the OS to load a driver, stealthily. The driver downloads known / FOSS RATs and gives them visibility cover.

Those samples are falsely labelled as "lumma"; it's possible the bootkit is fused with Lumma, as Lumma is one of the RATs it deploys post-infection.

I think this bootkit is developed/smuggled out of an elite hacking unit by "Nir Lichtman", who is very popular in "the com", where he hacks people for "ego" and "status" mainly.

Basically Nir Lichtman seems to be a rogue state operator who abuses 0-days and toolkits to hack people over Discord / Telegram drama. As crazy as that sounds, yeah, this guy really has 0-days and firmware implants from some intel agency and is using them to win Discord / Telegram drama lol

Also seems to be affiliated somehow with the "hack.org" site.