WEBSHELL_SECRETSAUCE_Jul23_1

Rule Info

Name: WEBSHELL_SECRETSAUCE_Jul23_1
Author: Florian Roth
Description: Detects SECRETSAUCE PHP webshells (found after an exploitation of Citrix NetScaler ADC CVE-2023-3519)
Score: 85
Date: 2023-07-24
Minimum Yara: 1.7
Rule Hash: 9ae8445b8f964be8f574a93032aa5a46
Tags: ['WEBSHELL', 'CVE_2023_3519', 'T1505_003', 'DEMO']
Required Modules: []

Antivirus Verdicts

| Rating | Number of Samples |
|---|---|
| Malicious (>= 10 engines) | 0 |
| Suspicious (< 10 engines) | 3 |
| Clean (0 engines) | 0 |

Rule Matches

| Timestamp | Positives | Total | Hash |
|---|---|---|---|
| 2023-08-02 01:31:14 | 3 | 58 | 01c897d63f5a8b9bb9efab7a3567c6a832f36dd7c2dbba433ec29a6f9b9bffd3 |
| 2023-07-25 00:18:53 | 1 | 59 | 20e68a276badbd6a38aa6d6e57d28c3e4c133256ef320b83848253f80ae7a1ee |
| 2023-07-24 22:44:05 | 2 | 58 | 293fe23849cffb460e8d28691c640a5292fd4649b0f94a019b45cc586be83fd9 |

Rule Matches per Month (last 24 months)