Yara Rule - Detects forensic artifacts found after an exploitation of Citrix NetScaler ADC CVE-2023-3519 - Neo23x0

Yara Rule - Detects forensic artifacts found after an exploitation of Citrix NetScaler ADC CVE-2023-3519

Yara definition.

Author: Florian Roth

https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf

```
date = "2023-07-18"
modified = "2023-07-21"
score = 70
$sa1 = "216.41.162.172" ascii fullword
$sb1 = "/flash/nsconfig/keys" ascii
$sb2 = "ldapsearch" ascii fullword
$sb3 = "ns_gui/vpn" ascii
$sb4 = "LDAPTLS_REQCERT" ascii fullword
filepath == "/var/log"
```


[https://github.com/Neo23x0/signature-base/commit/289de36ea51648dcf4665b3d73c94da398639d84](https://github.com/Neo23x0/signature-base/commit/289de36ea51648dcf4665b3d73c94da398639d84)