WEBSHELL_ASPX_DLL_MOVEit_Jun23_1

Rule Info

Name
WEBSHELL_ASPX_DLL_MOVEit_Jun23_1
Author
Florian Roth
Description
Detects compiled ASPX web shells found being used in MOVEit Transfer exploitation
Score
85
Reference
https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/?utm_content=251159938&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306
Date
2023-06-01
Minimum Yara
1.7
Rule Hash
f6e391426ef8b46e09cced2490dab220
Tags
['WEBSHELL', 'T1505_003', 'DEMO', 'EXE']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/webshell_aspx_dll_moveit_jun23_1/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=WEBSHELL_ASPX_DLL_MOVEit_Jun23_1

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
10
Suspicious (< 10 engines)
6
Clean (0 engines)
2

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-10-23 16:40:05
11
46
3642079fc987b1ecbdda35eb54495d65be304022dbce5eafd294adf06a98bd47
2024-09-30 17:37:12
17
63
4e58686f61c63f293b551a95bebb5934f8ab45dfa18423c8c8702df12f1bbd91
2023-12-04 02:38:27
0
71
272669da34628f7b58e8efc1ef826eb537fa40e6f3e5fb18c39766051f114b85
2023-09-06 02:46:10
17
70
bda26ed2960d9b2673c0188c4c121b7595649ec594048e51be69c4146ec5acbe
2023-06-27 01:46:52
14
70
98efeecc1d3a32fdf08003c5d3503cef24b44c01ee76228c543acf5eed5e7df3
2023-06-19 16:08:10
29
70
a36bdebd4ec29fcea4a9f961e18db1c55f7c322d89b8a4bc936024bc7b85687c
2023-06-18 05:32:19
14
69
5901cc0846c6bf2309a7f2c70c729ac3bc0c3083ae81660252d6f80fd205286b
2023-06-12 08:28:01
33
70
367fa8b3bafd99cb0fa5efc23ffb91d0daef6e33be1378ee1eb525ff9ddd9095
2023-06-05 23:00:39
10
69
8fa3cb7a703da1aa49b3ecc80b9172e479dd2a6057a32000b89b0d99272184cc
2023-06-05 15:24:24
10
70
53a8ef6df8ded48541178a8136d2ea6ab629a64cb44b922b2c37f3f96f77a640
2023-06-05 15:24:24
10
70
4546144efb671ad4f12d81d976134903b587c31f85991626850dec3d07859d5c
2023-06-05 07:14:05
9
70
ad8d9db2e65dde04fc017961e474e58e109114f561ddf33424d602f69e6c0e2d
2023-06-03 13:08:50
6
69
c58c2c2ea608c83fad9326055a8271d47d8246dc9cb401e420c0971c67e19cbf
2023-06-03 13:08:03
7
70
02d9a530964c8b7b8c1ff960ab078f806cb933bda0f2011abc2a25d7e89bc8a9
2023-06-02 20:02:19
1
70
e96a9a876ce4246781ef41a5316739a5711e393840e7f763e6e2a6c8c795ddb1
2023-06-02 16:03:13
2
69
f40e9833ac1e31252edc39c9800742dfef5886e137bf302127b9adcb8adc2f27
2023-06-02 15:03:38
0
70
9073d648ac1a93238c30693c02568670e6188ef606fad88e0ef2f56dcc88bdc3
2023-06-02 14:11:09
1
70
6cbf38f5f27e6a3eaf32e2ac73ed02898cbb5961566bb445e3c511906e2da1fa

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022