← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
BlackLotus UEFI bootkit: Myth confirmed | WeLiveSecurity
WHITE CyberHunter_NL 2023-04-13 Modified: 2023-04-13
69
IOCs
HIGH VOLUME
The first in-the-wild UEFI bootkit, capable of bypassing the essential security feature of Windows 11, has been discovered by ESET security researchers in a series of telemetry samples.
blacklotus httphttpblacklotushttp downloaderuefi securebootfiguresecure bootuefiwindowscve202221894uefi bootkitvirustotalbsodfirstlojaxguardukrainebelarusarmeniadeathattackconceptaugustloadercodeexecutionnextinstallgatemanipulationpodcastlove
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
BlackLotus HTTP BlackLotus HTTP
Indicators of Compromise (8 / 69 total)
All IPv4 URL CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 570b5d22b723b4a442cc6eeebc2580e8 2023-04-13
FileHash-MD5 737c21f6145d22f32792dc9d7dc6ebdf MD5 of dbc064f757c69ec43517eff496146b43cba949d1 2023-04-13
FileHash-MD5 a9f822ac0a137584ea6a5b4fcf0cbd8b MD5 of 5dc9cbd75abd830e83641a0265bffddd2f602815 2023-04-13
FileHash-MD5 d948d4b6db5d6d6e2e1ba6c0fa4bf008 MD5 of 05846d5b1d37ee2d716140de4f4f984cf1e631d1 2023-04-13
FileHash-MD5 e2265f82bc1703abbcec25d7c85e5ce7 MD5 of a5a530a91100ed5f07a5d74698b15c646dd44e16 2023-04-13
FileHash-MD5 eb927e0bcf1d9a473adde8b3f87f9e40 MD5 of 97aec21042df47d39ac212761729c6be484d064d 2023-04-13
FileHash-MD5 ed00050d8507c313c6288e2866c5bbb3 MD5 of d82539bfc2cc7cb504be74ac74df696b13db486a 2023-04-13
FileHash-MD5 f7c213762e7aa496e9112a642c32a0be MD5 of dae7e7c4eec2ac0dc7963c44a5a4f47d930c5508 2023-04-13
References (1)
↗ https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/#:~:text=Files%20deployed%20by%20the%20BlackLotus%20installer%20on%20systems%20with%20UEFI%20Secure%20Boot%20enabled