DETECTION OVERVIEW

LEMURLOOT Web Shell Activity

Risk Factors

The MOVEit Transfer vulnerability, CVE-2023-34362, is well known and has been exploited by attackers to install the LEMURLOOT web shell. LEMURLOOT is one example of a malicious payload associated with this vulnerability. A highly skilled attacker can customize the LEMURLOOT web shell to ensure that commands blend in with normal HTTP traffic. Web shells can help an attacker steal data and disrupt business operations.

Kill Chain

Exploitation

Risk Score

94

Attack Background

Organizations can manage, share, and store large volumes of data with managed file transfer (MFT) solutions. The Progress Software MFT solution, MOVEit Transfer, has an SQL injection vulnerability (CVE-2023-34362) that can be exploited to install the LEMURLOOT web shell on the MOVEit Transfer database server. This web shell masquerades as human.aspx, which is a legitimate component of the MOVEit Transfer software. To interact with LEMURLOOT, the attacker sends HTTP requests with header values that contain web shell commands. LEMURLOOT enables attackers to enumerate files and folders, retrieve configuration information, modify users, and steal data.
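Because LEMURLOOT is tasked through HTTP request headers sent to the path it masquerades as, one defensive check is to baseline the header names seen on legitimate requests to human.aspx and flag requests that carry anything else or unusually large values. The following is an added example, not ExtraHop's or Progress Software's code; the log format, the baseline set, the size threshold and the `x-example-cmd` header are constructed placeholders, not real LEMURLOOT indicators.

```python
# Constructed baseline of header names expected on legitimate requests to
# human.aspx; in practice derive it from observed benign traffic.
BASELINE_HEADERS = {
    "host", "user-agent", "accept", "accept-language", "accept-encoding",
    "cookie", "connection", "referer", "content-type", "content-length",
}
MAX_HEADER_VALUE_LEN = 256  # assumed threshold; tune per environment

# Constructed log lines in a simplified 'METHOD PATH | name=value; ...' form.
# 'x-example-cmd' is a placeholder custom header, not a real LEMURLOOT indicator.
SAMPLE_LOG = [
    "POST /human.aspx | host=mft.example.test; user-agent=Mozilla/5.0; "
    "cookie=ASP.NET_SessionId=abc123; content-type=application/x-www-form-urlencoded",
    "GET /human.aspx | host=mft.example.test; user-agent=Mozilla/5.0; accept=text/html",
    "POST /human.aspx | host=mft.example.test; user-agent=Mozilla/5.0; "
    "x-example-cmd=Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=",
    "GET /api/v1/files | host=mft.example.test; x-example-cmd=ignored-off-path",
]

def parse_log_line(line):
    """Split one constructed log line into method, path and a header dict."""
    request, _, header_blob = line.partition(" | ")
    method, path = request.split(" ", 1)
    headers = {}
    for field in header_blob.split("; "):
        name, _, value = field.partition("=")  # the value may itself contain '='
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}

def score_request(rec):
    """Return the reasons a request to human.aspx looks like web shell tasking."""
    if not rec["path"].lower().endswith("/human.aspx"):
        return []  # only the masqueraded path is in scope for this check
    reasons = []
    for name, value in rec["headers"].items():
        if name not in BASELINE_HEADERS:
            reasons.append(f"non-baseline header: {name}")
        if len(value) > MAX_HEADER_VALUE_LEN:
            reasons.append(f"oversized header value: {name} ({len(value)} bytes)")
    return reasons

def detect(lines):
    """Map each flagged line's index to its reasons; clean lines are omitted."""
    findings = {}
    for idx, line in enumerate(lines):
        reasons = score_request(parse_log_line(line))
        if reasons:
            findings[idx] = reasons
    return findings

if __name__ == "__main__":
    for idx, reasons in detect(SAMPLE_LOG).items():
        print(idx, SAMPLE_LOG[idx].split(" | ")[0], reasons)
```

A customized web shell may use header names that look ordinary, so pair this name/size check with content inspection of the request payload rather than relying on it alone.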

Mitigation Options

Install relevant patches to affected MOVEit Transfer software versions

MITRE ATT&CK ID
