Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it’s also possible that the malicious payload was delivered without any update to notepad++.
I’m not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That’s how the vulnerability was discovered.
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.
Edit: Found some! This is the type of info I was thinking of when I used IOCs
Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it’s also possible that the malicious payload was delivered without any update to notepad++.
I’ve not seen any IOCs published have you?
There’s some IOC information here:
https://securelist.com/notepad-supply-chain-attack/118708/
And here:
https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
Thanks!
I’m not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That’s how the vulnerability was discovered.
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.
Edit: Found some! This is the type of info I was thinking of when I used IOCs
https://securelist.com/notepad-supply-chain-attack/118708/