Type Value Comment
md5 bf7c1dd613101c0a95027249a5fcb759 WebShell : https://twitter.com/cyb3rops/status/1664309212028243969
md5 e9a5f0c7656329ced63d4c8742da51b4 WebShell : https://twitter.com/cyb3rops/status/1664309212028243969
md5 af136505d384c9a89635b365e55b7fa3 WebShell : https://twitter.com/cyb3rops/status/1664309212028243969
sha256 2413b5d0750c23b07999ec33a5b4930be224b661aaf290a0118db803f31acbc5 WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 48367d94ccb4411f15d7ef9c455c92125f3ad812f2363c4d2e949ce1b615429a WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 6015fed13c5510bbb89b0a5302c8b95a5b811982ff6de9930725c4630ec4011d WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 702421bcee1785d93271d311f0203da34cc936317e299575b06503945a6ea1e0 WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 9d1723777de67bc7e11678db800d2a32de3bcd6c40a629cd165e3f7bbace8ead WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 9e89d9f045664996067a05610ea2b0ad4f7f502f73d84321fb07861348fdc24a WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 b1c299a9fe6076f370178de7b808f36135df16c4e438ef6453a39565ff2ec272 WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 c56bcb513248885673645ff1df44d3661a75cfacdce485535da898aa9ba320d4 WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 d49cf23d83b2743c573ba383bf6f3c28da41ac5f745cde41ef8cd1344528c195 WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 e8012a15b6f6b404a33f293205b602ece486d01337b8b3ec331cd99ccadb562e WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
sha256 fe5f8388ccea7c548d587d1e2843921c038a9f4ddad3cb03f3aa8a45c29c6a2f WebShell : https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/
filename C:\MOVEitTransfer\wwwroot\human2.aspx Path of WebShell (Drive letter can change)
sha256 110e301d3b5019177728010202c8096824829c0b11bb0dc0bff55547ead18286 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 1826268249e1ea58275328102a5a8d158d36b4fd312009e4a2526f0bfbc30de2 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 2ccf7e42afd3f6bf845865c74b2e01e2046e541bb633d037b05bd1cdb296fa59 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 58ccfb603cdc4d305fddd52b84ad3f58ff554f1af4d7ef164007cb8438976166 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 98a30c7251cf622bd4abce92ab527c3f233b817a57519c2dd2bf8e3d3ccb7db8 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 a8f6c1ccba662a908ef7b0cb3cc59c2d1c9e2cbbe1866937da81c4c616e68986 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 b5ef11d04604c9145e4fe1bedaeb52f2c2345703d52115a5bf11ea56d7fb6b03 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 cec425b3383890b63f5022054c396f6d510fae436041add935cd6ce42033f621 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 ed0c3e75b7ac2587a5892ca951707b4e0dd9c8b18aaf8590c24720d73aa6b90c Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
sha256 0b3220b11698b1436d1d866ac07cc90018e59884e91a8cb71ef8924309f1e0e9 Human2.aspx during exploitation : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
filename /moveitisapi/moveitisapi.dll HTTP POST requests to this path are seen during exploitation. It is a legitimate MOVEit Transfer endpoint, so a POST alone is not an indicator; correlate with the source IP, the X-siLock-* headers listed below, and any follow-up request to human2.aspx.
md5 67fca3e84490dfdddf72e9ba558b589a human2.aspx : Enriched via Virustotal
md5 359a1141a79480555aa996fd6d9e4af1 human2.aspx : Enriched via Virustotal
md5 7d5e5537c5346d764f067f66cca426ba human2.aspx : Enriched via Virustotal
md5 b1bdad086567efd202babf56eac17e1d human2.aspx : Enriched via Virustotal
md5 11eadcf3f1bc9b0ed6994c3ede299ce8 human2.aspx : Enriched via Virustotal
md5 8cd6c75e6160b90de2a52c967b3d4846 human2.aspx : Enriched via Virustotal
md5 911230b5dca1c43f6d22e65c66b0f6b1 human2.aspx : Enriched via Virustotal
md5 a85299f78ab5dd05e7f0f11ecea165ea human2.aspx : Enriched via Virustotal
sha1 12e0643312de827621ec41a6124ded06197a19bc human2.aspx : Enriched via Virustotal
sha1 f0d3354c7a49619f407e16bbb94b410f8ded1ac4 human2.aspx : Enriched via Virustotal
sha1 f50c3fa5c4cae7c27c0b7d1730d72060e41595ba human2.aspx : Enriched via Virustotal
sha1 f1e4d5175d65ba29f200988223f04063fcc28f9d human2.aspx : Enriched via Virustotal
sha1 4fa0d7b2c6a5a95cf30bf95557089796e1ad271b human2.aspx : Enriched via Virustotal
sha1 02f3492857f88824bae7910f171f72fa6def6837 human2.aspx : Enriched via Virustotal
sha1 d972fb8ffb36d16c91cb745d37545e1fa805a931 human2.aspx : Enriched via Virustotal
sha1 c48fa2de1ce986c77258c84d9896f3867f8fcc86 human2.aspx : Enriched via Virustotal
sha1 f3b625622d64e0ccd383f623c0c56ca3c2d820e9 human2.aspx : Enriched via Virustotal
sha1 23f3b810267af1639e9f059536a610798cae1d65 human2.aspx : Enriched via Virustotal
sha1 3f95cebb7a7bd0491912d461208118784f802ca6 human2.aspx : Enriched via Virustotal
CIDR 5.252.189.0/24 Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
CIDR 5.252.190.0/24 Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
CIDR 5.252.191.0/24 Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
IPv4 198.27.75.110 Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
IPv4 84.234.96.104 Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
IPv4 209.222.103.170 Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Domain dojustit.mooo.com Attacker command and control : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
filename C:\Windows\TEMP\[random]\[random].cmdline Script that is executed to create the human2.aspx file. The folder path and filename are randomized.
filename human2.aspx Webshell used during exploitation.
filename human2.aspx.lnk Webshell used during exploitation.
txt X-siLock-Comment HTTP request header : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
txt X-siLock-Step1 HTTP request header : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
txt X-siLock-Step2 HTTP request header : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
txt X-siLock-Step3 HTTP request header : https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Malicious vulnerability scanner IPs can be found here: https://viz.greynoise.io/query/?gnql=raw_data.web.paths%3A%22%2Fhuman2.aspx%22
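The following is an added hunting script, not part of the original IOC list or of any vendor tooling. It takes the network and path indicators from the list above, parses IIS W3C log text by its `#Fields:` directive, flags requests for the human2.aspx webshell, POSTs to moveitisapi.dll and client IPs inside the listed C2 ranges, and hashes .aspx files under a wwwroot against the md5/sha1/sha256 IOCs. The IIS log excerpt is constructed for the example (RFC 5737 test addresses plus one address chosen inside a listed /24); the `SAMPLE_IIS_LOG`, `hunt_iis_log`, `hash_hits` and `scan_wwwroot` names are this example's own.

```python
"""Hunt for MOVEit Transfer human2.aspx indicators in IIS W3C logs and on disk.

Added example; the IOC values are copied from the list above, the log excerpt
is constructed and the function names are this example's own.
"""
import hashlib
import ipaddress
from pathlib import Path

# Network indicators from the list above (single IPs expressed as /32 so one
# membership test covers both CIDRs and hosts).
C2_NETWORKS = [ipaddress.ip_network(n) for n in (
    "5.252.189.0/24", "5.252.190.0/24", "5.252.191.0/24",
    "198.27.75.110/32", "84.234.96.104/32", "209.222.103.170/32",
)]
WEBSHELL_STEMS = {"/human2.aspx", "/human2.aspx.lnk"}
EXPLOIT_ENDPOINT = "/moveitisapi/moveitisapi.dll"

# Constructed IIS W3C log excerpt, not real telemetry. /human.aspx is the
# normal MOVEit login page; the client 5.252.190.77 sits inside a listed /24.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-05-28 01:02:03 10.0.0.5 GET /human.aspx - 443 - 203.0.113.10 Mozilla/5.0 - 200 0 0 120
2023-05-28 01:02:09 10.0.0.5 POST /moveitisapi/moveitisapi.dll - 443 - 5.252.190.77 python-requests/2.28.1 - 200 0 0 45
2023-05-28 01:02:15 10.0.0.5 POST /human2.aspx - 443 - 5.252.190.77 python-requests/2.28.1 - 200 0 0 30
2023-05-28 01:05:00 10.0.0.5 GET /human2.aspx - 443 - 198.51.100.9 curl/8.0.1 - 404 0 2 5
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields: directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign columns
        yield dict(zip(fields, parts))


def in_c2_range(ip_text):
    """True when the client address falls inside any listed C2 range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in C2_NETWORKS)


def hunt_iis_log(text):
    """Return (record, [reasons]) for every request that matches an indicator."""
    hits = []
    for rec in parse_w3c(text):
        reasons = []
        stem = rec.get("cs-uri-stem", "").lower()
        if stem in WEBSHELL_STEMS:
            # A 404 is still worth keeping: it may be a scanner probing for the shell.
            reasons.append("webshell path requested")
        if rec.get("cs-method") == "POST" and stem == EXPLOIT_ENDPOINT:
            reasons.append("POST to exploitation endpoint")
        if in_c2_range(rec.get("c-ip", "")):
            reasons.append("client IP in listed C2 range")
        if reasons:
            hits.append((rec, reasons))
    return hits


def digests(data):
    """md5/sha1/sha256 of a byte string, matching the hash types used in the list."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def hash_hits(data, ioc_hashes):
    """ioc_hashes is {"md5": set(), "sha1": set(), "sha256": set()} built from the list."""
    d = digests(data)
    return [(algo, d[algo]) for algo in d if d[algo] in ioc_hashes.get(algo, set())]


def scan_wwwroot(root, ioc_hashes):
    """Flag any human2.aspx(.lnk) by name and hash every other .aspx against the IOCs."""
    findings = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        if p.name.lower() in ("human2.aspx", "human2.aspx.lnk"):
            findings.append((str(p), [("filename", p.name)]))
        elif p.suffix.lower() == ".aspx":
            matched = hash_hits(p.read_bytes(), ioc_hashes)
            if matched:
                findings.append((str(p), matched))
    return findings


if __name__ == "__main__":
    for rec, why in hunt_iis_log(SAMPLE_IIS_LOG):
        print(rec["date"], rec["time"], rec["c-ip"], rec["cs-method"], rec["cs-uri-stem"], "->", "; ".join(why))
```

Default IIS W3C logging does not record custom request headers, so the X-siLock-* names in the list cannot be hunted in these logs unless custom fields were configured beforehand; look for them in reverse-proxy or WAF captures instead. Point `scan_wwwroot` at the MOVEit wwwroot (C:\MOVEitTransfer\wwwroot by default, drive letter may differ) with the hash sets loaded from the list above.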