LEMURLOOT (d5d79a51-3756-40de-81cd-4dac172fbb74)

LEMURLOOT is a web shell written in C# that was used by threat actors after exploiting a MOVEit file transfer software vulnerability (CVE-2023-34362) during a campaign beginning in late May 2023. The malware supports staging and exfiltration of compressed victim data, including files and folders stored on vulnerable MOVEit servers.[Mandiant MOVEit Transfer June 2 2023]

Related Vulnerabilities: CVE-2023-34362[U.S. CISA CL0P CVE-2023-34362 Exploitation][Mandiant MOVEit Transfer June 2 2023]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| FIN11 (ecdbd431-d62b-4b30-8663-b1ecb4304ec0) | Tidal Groups | LEMURLOOT (d5d79a51-3756-40de-81cd-4dac172fbb74) | Tidal Software | 1 |