diff --git a/rules-emerging-threats/2023/Exploits/MOVEit-Transfer-Unknown-Exploit/README.md b/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/README.md similarity index 83% rename from rules-emerging-threats/2023/Exploits/MOVEit-Transfer-Unknown-Exploit/README.md rename to rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/README.md index 1440b16a8..66f3d6889 100644 --- a/rules-emerging-threats/2023/Exploits/MOVEit-Transfer-Unknown-Exploit/README.md +++ b/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/README.md @@ -14,4 +14,5 @@ You can find more information on the threat in the following articles: ## Rules -- [Potential MOVEit Transfer Exploitation](./file_event_win_exploit_other_moveit_transfer.yml) +- [Potential MOVEit Transfer CVE-2023-34362 Exploitation](./file_event_win_exploit_cve_2023_34362_moveit_transfer.yml) +- [MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request](web_cve_2023_34362_known_payload_request.yml.yml) diff --git a/rules-emerging-threats/2023/Exploits/MOVEit-Transfer-Unknown-Exploit/file_event_win_exploit_other_moveit_transfer.yml b/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/file_event_win_exploit_cve_2023_34362_moveit_transfer.yml similarity index 63% rename from rules-emerging-threats/2023/Exploits/MOVEit-Transfer-Unknown-Exploit/file_event_win_exploit_other_moveit_transfer.yml rename to rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/file_event_win_exploit_cve_2023_34362_moveit_transfer.yml index bc3a079fe..3bf6ec8f2 100644 --- a/rules-emerging-threats/2023/Exploits/MOVEit-Transfer-Unknown-Exploit/file_event_win_exploit_other_moveit_transfer.yml +++ b/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/file_event_win_exploit_cve_2023_34362_moveit_transfer.yml 
@@ -1,9 +1,7 @@ -title: Potential MOVEit Transfer Exploitation +title: Potential MOVEit Transfer CVE-2023-34362 Exploitation id: c3b2a774-3152-4989-83c1-7afc48fd1599 status: experimental -description: | - Detects the creation of files with unexpected extensions in the web root folder of the MOVEit Transfer service. - Reports mentioned uncommon file types in the "wwwroot" folder as a sign of potential compromise. Attackers used that folder as a staging directory for the exfiltration. +description: Detects file indicators of potential exploitation of MOVEit CVE-2023-34362. references: - https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/ - https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 @@ -11,6 +9,7 @@ references: - https://www.reddit.com/r/sysadmin/comments/13wxuej/comment/jmhdg55/ author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) date: 2023/06/01 +modified: 2023/06/03 tags: - attack.initial_access - attack.t1190 
@@ -34,19 +33,24 @@ detection: - '.zip' selection_known_ioc: TargetFilename|endswith: + - '\MOVEit Transfer\wwwroot\_human2.aspx.lnk' + - '\MOVEit Transfer\wwwroot\_human2.aspx' + - '\MOVEit Transfer\wwwroot\human2.aspx.lnk' - '\MOVEit Transfer\wwwroot\human2.aspx' + - '\MOVEitTransfer\wwwroot\_human2.aspx.lnk' + - '\MOVEitTransfer\wwwroot\_human2.aspx' + - '\MOVEitTransfer\wwwroot\human2.aspx.lnk' - '\MOVEitTransfer\wwwroot\human2.aspx' + # Uncomment selection if you wanna threat hunt for additional artifacts + #selection_cmdline: + # TargetFilename|contains: ':\Windows\TEMP\' + # TargetFilename|endswith: '.cmdline' selection_compiled_asp: CreationUtcTime|startswith: - - '2023-05-26 ' - - '2023-05-27 ' - - '2023-05-28 ' - - '2023-05-29 ' - - '2023-05-30 ' - - '2023-05-31 ' - - '2023-06-01 ' - - '2023-06-02 ' - - '2023-06-03 ' + - '2023-03- ' + - '2023-04- ' + - '2023-05- ' + - '2023-06- ' TargetFilename|contains|all: - '\Windows\Microsoft.net\Framework64\v' - '\Temporary ASP.NET Files\' @@ -54,5 +58,5 @@ detection: TargetFilename|endswith: '.dll' condition: 1 of selection_* falsepositives: - - Unlikely + - To avoid FP, this rule should only be applied on MOVEit servers. level: high diff --git a/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/web_cve_2023_34362_known_payload_request.yml.yml b/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/web_cve_2023_34362_known_payload_request.yml.yml new file mode 100644 index 000000000..ed85bf8d7 --- /dev/null +++ b/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/web_cve_2023_34362_known_payload_request.yml.yml 
@@ -0,0 +1,21 @@ +title: MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request +id: 435e41f2-48eb-4c95-8a2b-ed24b50ec30b +status: experimental +description: Detects get requests to specific files used during the exploitation of MOVEit CVE-2023-34362 +references: + - https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 + - https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft +author: Nasreddine Bencherchali (Nextron Systems) +date: 2023/06/03 +logsource: + category: webserver +detection: + selection: + cs-method: 'GET' + cs-uri-stem: + - '/human2.aspx' + - '/_human2.aspx' + condition: selection +falsepositives: + - Unlikely +level: high
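Review bot: The new rule file is named `web_cve_2023_34362_known_payload_request.yml.yml`, a doubled extension, and the README hunk links to it without the `./` prefix the sibling entry uses. Rename the file to `web_cve_2023_34362_known_payload_request.yml` and change the README line to `- [MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request](./web_cve_2023_34362_known_payload_request.yml)` so the link resolves and the two list entries are consistent.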
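Review bot: In the `-1,9 +1,7` hunk the multi-line description that explained what the rule looks for (unexpected file extensions in the MOVEit `wwwroot` folder, used by the attackers as a staging directory for exfiltration) is replaced by the one-liner `Detects file indicators of potential exploitation of MOVEit CVE-2023-34362.`, which tells an analyst nothing about which indicators fire. Since the detection now has three distinct selections (uncommon extensions in `wwwroot`, the known `human2.aspx` / `_human2.aspx` web shell names with `.lnk` variants, and freshly compiled ASP.NET DLLs), keep the description multi-line and list those three indicator classes so a hit can be triaged without reading the YAML.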
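Review bot: The new `CreationUtcTime|startswith` values in the `-34,19 +33,24` hunk are broken: `'2023-03- '`, `'2023-04- '`, `'2023-05- '` and `'2023-06- '` each carry a trailing space after the hyphen, so they can never match a timestamp such as `2023-05-28 10:15:42`, where the hyphen is followed by a day digit. The old values (`'2023-05-26 '`) worked because the space came after a complete date. Drop the trailing space (`'2023-03-'`, `'2023-04-'`, ...) or `selection_compiled_asp` is dead code and the `1 of selection_*` condition silently loses that branch. Also, the widened window covers every compiled ASP.NET DLL under `\Temporary ASP.NET Files\` for four months, so on a MOVEit host any legitimate recompilation in that period (for example after applying the vendor patch) will match; that is worth stating in the description. Minor: the `# Uncomment selection if you wanna threat hunt for additional artifacts` comment should read `if you want to`.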
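Review bot: In the `-54,5 +58,5` hunk, `To avoid FP, this rule should only be applied on MOVEit servers.` is a deployment instruction, not a false-positive source, and the `falsepositives` field is where analysts look for what else can trigger the rule. Move the scoping advice into the description (or a `# note` comment) and list the actual benign triggers the selections can hit, at minimum legitimate ASP.NET recompilation producing `.dll` files under `\Temporary ASP.NET Files\` during the matched months.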
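Review bot: The new web rule hard-codes `cs-method: 'GET'`, so any request to `/human2.aspx` or `/_human2.aspx` made with another method (a `POST` to the web shell, for instance) is missed, while the title promises to catch a "Potential Web Shell Request" in general. Either drop the `cs-method` line, since a request for either path is suspicious regardless of method, or document in the description why only `GET` is covered. Also, `Detects get requests to specific files` should read `Detects GET requests`, and the paths should be listed as `/human2.aspx` and `/_human2.aspx` in the description so the rule is self-describing.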