IOC pivot
ioc · name
human2.aspx
Unknown · Cl0p · confidence · high
LEMURLOOT web-shell filename masquerading as MOVEit's legitimate human.aspx, dropped via CVE-2023-34362 starting May 27, 2023. Primary breach indicator per joint FBI/CISA advisory AA23-158A on the CL0P/TA505 MOVEit campaign.
- family: LEMURLOOT
- first seen: May 26, 2023
- publisher: CISA