EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_3

Rule Info

Name
EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_3
Author
Florian Roth
Description
Detects forensic artifacts found after an exploitation of Citrix NetScaler ADC CVE-2023-3519
Score
70
Reference
https://www.mandiant.com/resources/blog/citrix-zero-day-espionage
Date
2023-07-24
Minimum Yara
1.7
Rule Hash
108b715cc94e1451e5970ba0fca39ac3
Tags
['EXPLOIT', 'CVE_2023_3519', 'DEMO']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/expl_citrix_netscaler_adc_forensicartifacts_cve_2023_3519_jul23_3/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=EXPL_Citrix_Netscaler_ADC_ForensicArtifacts_CVE_2023_3519_Jul23_3

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
2
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-09-04 07:00:42
12
60
7d6db0ec4893750c954b8e5ab10db249bb4beeb203e861c694fb73909449625b
2023-08-10 21:06:45
12
60
dac075e7dd97112617f5403224cfeb444cb2195c1ff9e463aaa3e91a496ce388
2023-08-02 01:31:14
3
58
01c897d63f5a8b9bb9efab7a3567c6a832f36dd7c2dbba433ec29a6f9b9bffd3

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022