Yara Rule - Lockbit TA 공격에서 발견 된 패턴 감지 시트릭 블레드 취약점을 악용하는 패턴 CVE 2023-4966
Yara 정의.
Yara Rule - Detects patterns found in Lockbit TA attacks exploiting Citrixbleed vulnerability CVE 2023-4966
Yara definition.
Author: Florian Roth
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
date = "2023-11-22"
score = 75
$x1 = "taskkill /f /im sqlwriter.exe /im winmysqladmin.exe /im w3sqlmgr.exe"
$x2 = " 1> \\\\127.0.0.1\\admin$\\__"```
[https://github.com/Neo23x0/signature-base/commit/1490b955a6df2d7ade75291eb2e886a38ed2c8b6](https://github.com/Neo23x0/signature-base/commit/1490b955a6df2d7ade75291eb2e886a38ed2c8b6)