Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it’s also possible that the malicious payload was delivered without any update to notepad++.
I’m not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That’s how the vulnerability was discovered.
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.
Edit: Found some! This is the type of info I was thinking of when I used IOCs
Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it’s also possible that the malicious payload was delivered without any update to notepad++.
I’ve not seen any IOCs published have you?
I’m not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That’s how the vulnerability was discovered.
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.
Edit: Found some! This is the type of info I was thinking of when I used IOCs
https://securelist.com/notepad-supply-chain-attack/118708/
There’s some IOC information here:
https://securelist.com/notepad-supply-chain-attack/118708/
And here:
https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
Thanks!