I know I am a bit late to the game, but a couple of weeks ago I responded to an incident resulting from an F5 compromise related to CVE-2020-5092. As I responded I captured a number if indicators of compromise. While I have not had a lot of time to dig into them, hopefully they will be of use to somebody.
Article Link: https://isc.sans.edu/diary/rss/26378