# BlackLotus_Ioc_scan_Powershell

Powershell script(s) to scan windows PC for published IoCs of BlackLotus bootkit documented by Eset and Microsoft

https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/

Usage:

Open Powershell (as Admin) and run: 

.\Black-Lotus_check.ps1


![Execution](https://gitea.dmz.rs/Ekranoplan/BlackLotus_Ioc_scan_Powershell/src/branch/main/Execution.PNG)