EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_2

Rule Info

Name
EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_2
Author
Florian Roth
Description
Detects forensic artifacts found after an exploitation of Citrix NetScaler ADC CVE-2023-3519
Score
70
Reference
https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf
Date
2023-07-21
Minimum Yara
1.7
Rule Hash
2f955bdf96e198781119411c34401e57
Tags
['EXPLOIT', 'CVE_2023_3519', 'DEMO']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/expl_citrix_netscaler_adc_forensicartifacts_cve_2023_3519_jul23_2/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_2

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
2
Suspicious (< 10 engines)
0
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-09-05 08:18:10
14
60
7d6db0ec4893750c954b8e5ab10db249bb4beeb203e861c694fb73909449625b
2023-08-10 20:02:50
12
60
dac075e7dd97112617f5403224cfeb444cb2195c1ff9e463aaa3e91a496ce388

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022