-
Apr 12th, 2023, 12:58 PM
#1
BlackLotus
Microsoft has issued some guidance on how to identify a BlackLotus intrusion.
https://www.microsoft.com/en-us/secu...otus-campaign/
This one is hard to identify because it modifies the boot process. To summarize, from the Command Prompt:
- mountvol e: /s
- e:
- cd \efi\Microsoft\boot
- dir *.efi
Consult the link above to determine if there are related files with different time/date stamps. Run as Administrator may be required, and older systems may use a different Drive letter such as "d:".
This information came to me via CISA.
J.A. Coutts
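The same check as the commands in post #1, as a PowerShell sketch that lists the boot files with their timestamps and marks the ones that stand apart. This is an added example, not part of the original post or of Microsoft's guidance. It assumes E: is a free drive letter, and treating the most common last-write date as the baseline is a heuristic chosen for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: E: is unused; change $letter if it is taken (the post mentions "d:").
$letter  = 'E:'
$bootDir = "${letter}\EFI\Microsoft\Boot"

# Refuse to continue if the letter is already in use, so the cleanup
# step below can never unmap somebody else's volume.
if ([System.IO.Directory]::Exists("${letter}\")) {
    throw "$letter is already in use; pick another drive letter."
}

# Same step as "mountvol e: /s": map the EFI System Partition.
mountvol $letter /S | Out-Null
try {
    if (-not [System.IO.Directory]::Exists($bootDir)) {
        throw "Could not open $bootDir (not elevated, or no ESP was mounted)."
    }

    # Same step as "dir *.efi", read through .NET so hidden files are included.
    $dir   = New-Object System.IO.DirectoryInfo $bootDir
    $files = @($dir.GetFiles('*.efi'))
    if ($files.Count -eq 0) { throw "No .efi files found in $bootDir." }

    # Heuristic baseline: the last-write date shared by the most files.
    $topGroup = $files | Group-Object { $_.LastWriteTimeUtc.Date } |
                Sort-Object Count -Descending | Select-Object -First 1
    $baseline = $topGroup.Group[0].LastWriteTimeUtc.Date

    $files | Sort-Object LastWriteTimeUtc | ForEach-Object {
        [pscustomobject]@{
            Name         = $_.Name
            Length       = $_.Length
            CreatedUtc   = $_.CreationTimeUtc
            LastWriteUtc = $_.LastWriteTimeUtc
            # True when the last-write date is not the baseline date
            Differs      = ($_.LastWriteTimeUtc.Date -ne $baseline)
        }
    } | Format-Table -AutoSize
}
finally {
    # Remove the drive letter so the ESP is not left mapped.
    mountvol $letter /D | Out-Null
}
```

A row marked as differing is only a reason to compare that file against the linked guidance; ordinary servicing updates can also change individual boot files.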
-
Apr 12th, 2023, 03:02 PM
#2
Re: BlackLotus
Not sure what this is. Is there a question? Was this in response to something else?
My usual boring signature: Nothing
-
Apr 12th, 2023, 03:04 PM
#3
Re: BlackLotus
Seems like a heads-up, and the VB6 section of the site probably gets the most eyeballs.
-
Apr 14th, 2023, 08:31 AM
#4
Re: BlackLotus
@couttsj - I moved this thread to General PC. If there is any legitimate reason why it should stay in the VB6 forum, please let me know.
-
Apr 14th, 2023, 09:08 AM
#5
Re: BlackLotus
Originally Posted by dday9
@couttsj - I moved this thread to General PC. If there is any legitimate reason why it should stay in the VB6 forum, please let me know.
Optionbase1 is correct in his observation. I figured that it would get moved, but I am disappointed that it does not show up as having been moved. It is easy to tell that General PC does not get visited very much, and I needed to get the word out as quickly as possible.
J.A. Coutts