BlackLotus UEFI Bootkit Activity

Rule Info

Name
BlackLotus UEFI Bootkit Activity
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects BalckLotus UEFI bootkit via registry bootloader key modification
Reference
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
Date
2023-03-17 00:00:00
Modified
2023-03-29 00:00:00
Id
9c2c5827-41bd-464f-9a9c-b6bf52f188a6
Tags
attack.defense-evasion attack.privilege-escalation
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022