# CL0P RANSOMWARE IOCs - BLOCK LIST
# Source: CISA Alert AA23-158A
# CVE-2023-34362 - MOVEit Transfer
# Generated: 2026-01-28
# Note: file entries are STIX-like patterns written without brackets or quotes, and OR in a
# file:name clause is not parenthesised; "UNAVAILABLE" appears to mark a name the source did
# not provide. Match on the hash values and treat name and size as context.
# Note: the network indicators date from the 2023 advisory; re-check them before enforcing blocks.
# ===================================
# DOMAINS (6 Total)
# ===================================
connectzoomdownload.com
guerdofest.com
zoom.voyage
qweastradoc.com
jirostrogud.com
hiperfdhaus.com
# ===================================
# URLs (10 Total)
# ===================================
http://zoom.voyage/download/Zoom.exe
https://connectzoomdownload.com/download/ZoomInstaller.exe
http://qweastradoc.com
http://jirostrogud.com
http://hiperfdhaus.com
5.188.206.76:8000/se1.dll
198.199.74.207:1234/update.jsp
http://connectzoomdownload.com/download/ZoomInstaller.exe
http://guerdofest.com/gate.php
http://qweastradoc.com/gate.php
# ===================================
# FILE HASHES AND PATTERNS
# ===================================
# File Indicator
file:hashes.SHA-256 = F2F08E4F108AAFFAADC3D11BAD24ABDD625A77E0EE9674C4541B562C78415765
# File Indicator
file:hashes.SHA-256 = EB9F5CBE71F9658D38FB4A7AA101AD40534C4C93EE73EF5F6886D89159B0E2C2
# File Indicator
file:hashes.SHA-256 = A8569C78AF187D603EECDC5FAEC860458919349EEF51091893B705F466340ECD
# File Indicator
file:name = app_web_xlji1wtn.dll AND file:size = 12288 AND file:hashes.MD5 = 2387BE2AFE2250C20D4E7A8C185BE8D9 AND file:hashes.SHA-256 = 367FA8B3BAFD99CB0FA5EFC23FFB91D0DAEF6E33BE1378EE1EB525FF9DDD9095
# File Indicator
file:hashes.SHA-256 = ED0C3E75B7AC2587A5892CA951707B4E0DD9C8B18AAF8590C24720D73AA6B90C
# File Indicator
file:hashes.SHA-256 = CEC425B3383890B63F5022054C396F6D510FAE436041ADD935CD6CE42033F621
# File Indicator
file:hashes.SHA-256 = B5EF11D04604C9145E4FE1BEDAEB52F2C2345703D52115A5BF11EA56D7FB6B03
# File Indicator
file:hashes.SHA-256 = A8F6C1CCBA662A908EF7B0CB3CC59C2D1C9E2CBBE1866937DA81C4C616E68986
# File Indicator
file:hashes.SHA-256 = 98A30C7251CF622BD4ABCE92AB527C3F233B817A57519C2DD2BF8E3D3CCB7DB8
# File Indicator
file:hashes.MD5 = 2CB7915A13D147E9AF2BA5959958C31A AND file:hashes.SHA-256 = 7C39499DD3B0B283B242F7B7996205A9B3CF8BD5C943EF6766992204D46EC5F1
# File Indicator
file:hashes.MD5 = 250454DC24258B5825AC36F042D9CB71 AND file:hashes.SHA-256 = 769F77AACE5EED4717C7D3142989B53BD5BAC9297A6E11B2C588C3989B397E6B
# File Indicator
file:hashes.SHA-256 = 58CCFB603CDC4D305FDDD52B84AD3F58FF554F1AF4D7EF164007CB8438976166
# File Indicator
file:hashes.SHA-256 = 2CCF7E42AFD3F6BF845865C74B2E01E2046E541BB633D037B05BD1CDB296FA59
# File Indicator
file:hashes.SHA-256 = 1826268249E1EA58275328102A5A8D158D36B4FD312009E4A2526F0BFBC30DE2
# File Indicator
file:hashes.SHA-256 = 110E301D3B5019177728010202C8096824829C0B11BB0DC0BFF55547EAD18286
# File Indicator
file:hashes.SHA-256 = 0B3220B11698B1436D1D866AC07CC90018E59884E91A8CB71EF8924309F1E0E9
# File Indicator
file:hashes.MD5 = F05A4095650DAA1F9B7F72B8DED21A49 AND file:hashes.SHA-256 = BDD4FA8E97E5E6EAAAC8D6178F1CF4C324B9C59FC276FD6B368E811B327CCF8B
# File Indicator
file:hashes.MD5 = 3A0342417E8588EF7738352341E25830 AND file:hashes.SHA-256 = 3C0DBDA8A5500367C22CA224919BFC87D725D890756222C8066933286F26494C
# File Indicator
file:hashes.MD5 = 83500E433A0D63B993B91A94D9D45BCD AND file:hashes.SHA-256 = 93137272F3654D56B9CE63BEC2E40DD816C82FB6BAD9985BED477F17999A47DB
# File Indicator
file:name = app_web_c1tp5zym.dll AND file:size = 12288 AND file:hashes.MD5 = 7D7349E51A9BDCDD8B5DAEEEFE6772B5 AND file:hashes.SHA-256 = C58C2C2EA608C83FAD9326055A8271D47D8246DC9CB401E420C0971C67E19CBF
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = DDD95F1C76A1D50B997B2E64274F386A AND file:hashes.SHA-256 = A1269294254E958E0E58FC0FE887EBBC4201D5C266557F09C3F37542BD6D53D7
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 9F3C306DABC3F349B343251F4443412C AND file:hashes.SHA-256 = F0D85B65B9F6942C75271209138AB24A73DA29A06BC6CC4FAEDDCB825058C09D
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = B69E23CD45C8AC71652737EF44E15A34 AND file:hashes.SHA-256 = CF23EA0D63B4C4C348865CEFD70C35727EA8C82BA86D56635E488D816E60EA45
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 96D467FD9663CF2E5572F8529E54F13E AND file:hashes.SHA-256 = 5B566DE1AA4B2F79F579CDAC6283B33E98FDC8C1CFA6211A787F8156848D67FF
# File Indicator
file:name = h2.aspx AND file:size = 6428 AND file:hashes.MD5 = EEA4D43F9E3700EBCD61405776EB249A AND file:hashes.SHA-256 = D477EC94E522B8D741F46B2C00291DA05C72D21C359244CCB1C211C12B635899
# File Indicator
file:name = human2.aspx AND file:size = 7448 AND file:hashes.MD5 = D71A6B5AE3D89DC33CBBB6877E493D52 AND file:hashes.SHA-256 = B9A0BAF82FEB08E42FA6CA53E9EC379E79FBE8362A7DAC6150EB39C2D33D94AD
# File Indicator
file:name = upload.txt OR UNAVAILABLE AND file:size = 6249 AND file:hashes.MD5 = 44D8E68C7C4E04ED3ADACB5A88450552 AND file:hashes.SHA-256 = 387CEE566AEDBAFA8C114ED1C6B98D8B9B65E9F178CF2F6AE2F5AC441082747A
# File Indicator
file:name = UNAVAILABLE AND file:size = 6249 AND file:hashes.MD5 = 00C6BCE35C40CE1601AA06C4E808C0F1 AND file:hashes.SHA-256 = 38E69F4A6D2E81F28ED2DC6DF0DAF31E73EA365BD2CFC90EBC31441404CCA264
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 04B474E8DB353D368E2D791BA5DEE6D6 AND file:hashes.SHA-256 = 3A977446ED70B02864EF8CFA3135D8B134C93EF868A4CC0AA5D3C2A74545725B
# File Indicator
file:name = UNAVAILABLE OR upload.txt AND file:size = 6223 AND file:hashes.MD5 = FBBA113D1D121220FA43F90B3A20870A AND file:hashes.SHA-256 = 3AB73EA9AEBF271E5F3ED701286701D0BE688BF7AD4FB276CB4FBE35C8AF8409
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 317552CAC7035E35F7BDFC2162DFD29C AND file:hashes.SHA-256 = C77438E8657518221613FBCE451C664A75F05BEEA2184A3AE67F30EA71D34F37
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 8D88E451E39506AE258F3AA99DA8DB9A AND file:hashes.SHA-256 = 0EA05169D111415903A1098110C34CDBBD390C23016CD4E179DD9EF507104495
# File Indicator
file:name = donotuse_human2.aspx AND file:size = 6249 AND file:hashes.MD5 = C2DB1091EB7BAC28461877F736D86D83 AND file:hashes.SHA-256 = 348E435196DD795E1EC31169BD111C7EC964E5A6AB525A562B17F10DE0AB031D
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 538D6E172D18D4CEBEAC211873779BA5 AND file:hashes.SHA-256 = DAAA102D82550F97642887514093C98CCD51735E025995C2CC14718330A856F4
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 45685C190C91EBE0966E8A0AECA31280 AND file:hashes.SHA-256 = 4359AEAD416B1B2DF8AD9E53C497806403A2253B7E13C03317FC08AD3B0B95BF
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = B52E56BFC03878CC5CB9EAE9D3896808 AND file:hashes.SHA-256 = EA433739FB708F5D25C937925E499C8D2228BF245653EE89A6F3D26A5FD00B7A
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = AF136505D384C9A89635B365E55B7FA3 AND file:hashes.SHA-256 = E8012A15B6F6B404A33F293205B602ECE486D01337B8B3EC331CD99CCADB562E
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = B1BDAD086567EFD202BABF56EAC17E1D AND file:hashes.SHA-256 = 9E89D9F045664996067A05610EA2B0AD4F7F502F73D84321FB07861348FDC24A
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = BF7C1DD613101C0A95027249A5FCB759 AND file:hashes.SHA-256 = 2413B5D0750C23B07999EC33A5B4930BE224B661AAF290A0118DB803F31ACBC5
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 11EADCF3F1BC9B0ED6994C3EDE299CE8 AND file:hashes.SHA-256 = B1C299A9FE6076F370178DE7B808F36135DF16C4E438EF6453A39565FF2EC272
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 7D5E5537C5346D764F067F66CCA426BA AND file:hashes.SHA-256 = 9D1723777DE67BC7E11678DB800D2A32DE3BCD6C40A629CD165E3F7BBACE8EAD
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 359A1141A79480555AA996FD6D9E4AF1 AND file:hashes.SHA-256 = 702421BCEE1785D93271D311F0203DA34CC936317E299575B06503945A6EA1E0
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 67FCA3E84490DFDDDF72E9BA558B589A AND file:hashes.SHA-256 = 6015FED13C5510BBB89B0A5302C8B95A5B811982FF6DE9930725C4630EC4011D
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = A85299F78AB5DD05E7F0F11ECEA165EA AND file:hashes.SHA-256 = FE5F8388CCEA7C548D587D1E2843921C038A9F4DDAD3CB03F3AA8A45C29C6A2F
# File Indicator
file:name = human2.aspx AND file:size = 6279 AND file:hashes.MD5 = E9A5F0C7656329CED63D4C8742DA51B4 AND file:hashes.SHA-256 = 48367D94CCB4411F15D7EF9C455C92125F3AD812F2363C4D2E949CE1B615429A
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 911230B5DCA1C43F6D22E65C66B0F6B1 AND file:hashes.SHA-256 = D49CF23D83B2743C573BA383BF6F3C28DA41AC5F745CDE41EF8CD1344528C195
# File Indicator
file:name = human2.aspx AND file:size = 6249 AND file:hashes.MD5 = 8CD6C75E6160B90DE2A52C967B3D4846 AND file:hashes.SHA-256 = C56BCB513248885673645FF1DF44D3661A75CFACDCE485535DA898AA9BA320D4
# File Indicator
file:name = %temp%\7zipsfx.000\zoom.exe AND file:hashes.MD5 = DFA8EC974DDDF5BCC888549E60D6530F AND file:hashes.SHA-256 = 1285AA7E6EE729BE808C46C069E30A9EE9CE34287151076BA81A0BEA0508FF7E
# File Indicator
file:name = c:\users\user\appdata\local\temp\7zipsfx.000\anetdiag.dll AND file:hashes.MD5 = E9B3BA7B4F37FE4A9804136801ABB8B0 AND file:hashes.SHA-256 = 2C8D58F439C708C28AC4AD4A0E9F93046CF076FC6E5AB1088E8943C0909ACBC4
# File Indicator
file:name = 7zsfxmod_x86.exe AND file:hashes.MD5 = 65FB9572171B903AA31A325F550D8778 AND file:hashes.SHA-256 = D5BBCAA0C3EEEA17F12A5CC3DBCAFFFF423D00562ACB694561841BCFE984A3B7
# File Indicator
file:name = larabqfa.exe AND file:hashes.MD5 = EE1CCB6A0E38BF95E44B73C3C46268C5 AND file:hashes.SHA-256 = 0E3A14638456F4451FE8D76FDC04E591FBA942C2F16DA31857CA66293A58A4C3
# File Indicator
file:name = dnsjujahur.exe AND file:hashes.MD5 = DBECFE9D5421D319534E0BFA5A6AC162 AND file:hashes.SHA-256 = C9B874D54C18E895FACE055EEB6FAA2DA7965A336D70303D0BD6047BEC27A29D
# File Indicator
file:name = uhfdkuswkfkeduui.exe AND file:hashes.MD5 = B7FED593E8EB3646F876367B56725E6C AND file:hashes.SHA-256 = FF8C8C8BFBA5F2BA2F8003255949678DF209DBFF95E16F2F3C338CFA0FD1B885
# File Indicator
file:name = c042ad2947caf4449295a51f9d640d722b5a6ec6957523ebf68cddb87ef3545c OR c042ad2947caf4449295a51f9d640d722b5a6ec6957523ebf68cddb87ef3545c.exe AND file:hashes.MD5 = 82D4025B84CF569EC82D21918D641540 AND file:hashes.SHA-256 = C042AD2947CAF4449295A51F9D640D722B5A6EC6957523EBF68CDDB87EF3545C