EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_3

Rule Info

Name
EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_3
Author
Florian Roth
Description
Detects forensic artifacts found after an exploitation of Citrix NetScaler ADC CVE-2023-3519
Score
70
Reference
https://www.mandiant.com/resources/blog/citrix-zero-day-espionage
Date
2023-07-24
Minimum Yara
1.7
Rule Hash
108b715cc94e1451e5970ba0fca39ac3
Tags
['EXPLOIT', 'DEMO', 'CVE_2023_3519']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/expl_citrix_netscaler_adc_forensicartifacts_cve_2023_3519_jul23_3/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_3

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
17
Suspicious (< 10 engines)
4
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-11-12 12:47:28
10
62
fb91830e9767e9df1f2e58b95e000539ae9adffec48f80547260c1e6b3cd0799
2024-10-02 03:02:25
9
63
036fb957f48d8d05d42abddf9cbad620d8fc1b0a8a5929b7300869439f4673ae
2024-08-26 04:29:58
15
65
9eb8d4d86a528c0c40fee60bd37ca326059a95b55a33b1105db68d60611a92b1
2024-06-13 04:25:16
13
59
3ef7f4c0ca12b49136e1ac18f2624aaf0b4133588d09d722e01632a0e2fa1c3e
2024-06-06 05:48:54
17
64
b76200818412951520ab6359b68bd8f870359f067a0e04c169ec707b92e52877
2024-02-17 09:32:31
6
59
73a971eac9a47bcb0edb5d4cb279ad7150d17b69cbbb0fb3812ddb77811f2eb9
2024-01-22 18:01:16
13
59
ab3f70f685be4de79b7c61d7f2825e6329f954446917d6d878886baff4fd4985
2023-12-27 07:17:20
17
61
0894bb1add181c995c4e1d9fc7318cd3a86c0556126848b69404a01ad644672e
2023-12-26 03:03:39
15
61
ebd20fa221537139dbbd0d7dd2eaa05175285c9fdc52be0b7596aa63227eb5d3
2023-12-21 21:01:08
18
63
d8282f8671d0964ec20214b594fff57729c176354fa9ef72b9fc05c20d558d7b
2023-12-14 12:06:16
13
61
3c467a8a21de1216ed597961164a71c3b5340e0827b31e87ae134bc479591e28
2023-12-14 00:01:40
12
61
8ec02a974fa95aacaaeb17d59a3d2c3fd85dbb5245ea0a343149cba5fd03cc88
2023-12-10 13:51:35
13
61
01348b8a7cc50d5a132066b602faeaef4181c96a5fce6441081df18e104204c4
2023-12-02 21:23:57
12
60
03031f8b0c78666aceb4b96d04457a414c06d65960552612ee61820290a4d350
2023-11-30 02:15:56
8
60
8cef3bf2ef33460ed0cadff8530335ac282e6f107b2819f01edff8d9dbda322a
2023-11-26 05:08:36
12
61
63c819593efdad6ad1e529fe7a98287bd4b98243978ce1a0f637ee3bc0cc1cb7
2023-11-14 14:40:38
11
61
3d1b6f419ac6e6d77f1c84062c51737697720acbb49098b8cb4b562a7eb3872b
2023-10-29 21:58:10
13
61
49dfabc5a2b9748a7ab011efe70971d1ec23cffd70bbff4cb955202c432f3975
2023-10-24 14:11:39
0
60
aba386352a7e9d2670be980882efb9f71c7075581f34eb3aa3e49386a4d6026d
2023-09-04 07:00:42
12
60
7d6db0ec4893750c954b8e5ab10db249bb4beeb203e861c694fb73909449625b
2023-08-10 21:06:45
12
60
dac075e7dd97112617f5403224cfeb444cb2195c1ff9e463aaa3e91a496ce388
2023-08-02 01:31:14
3
58
01c897d63f5a8b9bb9efab7a3567c6a832f36dd7c2dbba433ec29a6f9b9bffd3

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022