This repo contains operational information regarding the Progress MOVEit Transfer vulnerability. For more information, see:
- NCSC-NL advisory (NL)
- Progress MOVEit Transfer Critical Vulnerability (May 2023)
- TrustedSec: Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations
- Huntress Labs: MOVEit Transfer Critical Vulnerability Rapid Response
- Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest/Cl0p
- CISA advisory
- CERT-BUND advisory
- Cl0p statement on their leakblog

MOVEit is a file/web transfer solution by Progress.

Affected version | Fixed version | Documentation |
---|---|---|
MOVEit Transfer 2023.0.0 | MOVEit Transfer 2023.0.1 | MOVEit 2023 Upgrade Documentation |
MOVEit Transfer 2022.1.x | MOVEit Transfer 2022.1.5 | MOVEit 2022 Upgrade Documentation |
MOVEit Transfer 2022.0.x | MOVEit Transfer 2022.0.4 | MOVEit 2022 Upgrade Documentation |
MOVEit Transfer 2021.1.x | MOVEit Transfer 2021.1.4 | MOVEit 2021 Upgrade Documentation |
MOVEit Transfer 2021.0.x | MOVEit Transfer 2021.0.6 | MOVEit 2021 Upgrade Documentation |

For up-to-date information about patches and mitigations regarding CVE-2023-34362, see: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

For up-to-date information about patches and mitigations regarding the vulnerability detected on 15-6-2023 (CVE pending), see: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023

There are currently known IoCs that indicate exploitation of this vulnerability. IoCs will be shared, when possible, through this repository. For detection IoCs, please see iocs_detection/README.md.
For YARA rules, please see iocs_detection/yara/README.md.

- Webshell checker (Python-based): https://github.com/ZephrFish/MoveIT-WebShellCheck
- Shodan query for MOVEit instances: www.shodan.io/search?query=http.favicon.hash%3A989289239
- URLscan query for MOVEit instances: www.urlscan.io/search/#hash%3A5f9f66003fc6214ca8a053853741ea7439429ce7ec834a737fba3f440bc9d473

If you have any additional information to share that is relevant to the MOVEit vulnerability, please feel free to open a pull request. New to this? Read how to contribute in GitHub's documentation.