EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_2

Rule Info

Name
EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_2
Author
Florian Roth
Description
Detects forensic artifacts found after an exploitation of Citrix NetScaler ADC CVE-2023-3519
Score
70
Reference
https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf
Date
2023-07-21
Minimum Yara
1.7
Rule Hash
2f955bdf96e198781119411c34401e57
Tags
['EXPLOIT', 'DEMO', 'CVE_2023_3519']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/expl_citrix_netscaler_adc_forensicartifacts_cve_2023_3519_jul23_2/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_2

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
16
Suspicious (< 10 engines)
0
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-02-09 16:53:16
16
60
ab3f70f685be4de79b7c61d7f2825e6329f954446917d6d878886baff4fd4985
2024-01-15 23:55:32
13
58
59ac556af2ab3db3f4604cd8a785a588661a2fb907e16fabce1965ac96620614
2024-01-15 23:22:24
13
58
01138ed916b07c18a6a487d90105360ca3bfa45e0e61f16a4797ebff053943db
2024-01-15 22:50:23
13
58
8bb927fc130dc7e3b3cddfcc4f2f3befeadf967888947db8dfb02c10f307484b
2023-12-27 07:03:48
17
61
0894bb1add181c995c4e1d9fc7318cd3a86c0556126848b69404a01ad644672e
2023-12-26 03:00:58
15
61
ebd20fa221537139dbbd0d7dd2eaa05175285c9fdc52be0b7596aa63227eb5d3
2023-12-14 12:06:25
13
61
3c467a8a21de1216ed597961164a71c3b5340e0827b31e87ae134bc479591e28
2023-12-13 22:05:18
12
61
8ec02a974fa95aacaaeb17d59a3d2c3fd85dbb5245ea0a343149cba5fd03cc88
2023-12-10 12:54:32
13
61
01348b8a7cc50d5a132066b602faeaef4181c96a5fce6441081df18e104204c4
2023-12-02 19:23:03
12
60
03031f8b0c78666aceb4b96d04457a414c06d65960552612ee61820290a4d350
2023-11-26 05:02:49
12
61
d8282f8671d0964ec20214b594fff57729c176354fa9ef72b9fc05c20d558d7b
2023-11-26 04:21:59
12
61
63c819593efdad6ad1e529fe7a98287bd4b98243978ce1a0f637ee3bc0cc1cb7
2023-11-14 14:43:35
11
61
3d1b6f419ac6e6d77f1c84062c51737697720acbb49098b8cb4b562a7eb3872b
2023-10-29 22:09:54
13
61
49dfabc5a2b9748a7ab011efe70971d1ec23cffd70bbff4cb955202c432f3975
2023-09-05 08:18:10
14
60
7d6db0ec4893750c954b8e5ab10db249bb4beeb203e861c694fb73909449625b
2023-08-10 20:02:50
12
60
dac075e7dd97112617f5403224cfeb444cb2195c1ff9e463aaa3e91a496ce388

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022