IOC pivot · ioc · sha-256
ed5d694d561c97b4d70efe934936286fe562addf7d6836f795b336d9791a5c44
RU · Russia · LockBit · confidence · high
SHA256 of adobelib.dll dropped to C:\Users\Public\ by the 123.ps1 PowerShell loader during the LockBit 3.0 Citrix Bleed campaign, executed via rundll32 with a 104-hex-character key. Table 3 of AA23-325A.
- family: LockBit
- first seen: Nov 20, 2023
- publisher: CISA