IOC pivotioc · sha-256
cc21c77e1ee7e916c9c48194fad083b2d4b2023df703e544ffb2d6a0bfc90a63
RU · RussiaLockBitconfidence · high
SHA256 of Mag.dll, the persistence module identified running within the UpdateAdobeTask scheduled job on victims of the LockBit 3.0 Citrix Bleed campaign. Table 3 of AA23-325A.
- family
- LockBit
- first seen
- Nov 20, 2023
- publisher
- CISA