Yara Rule - Lockbit TA 공격에서 발견 된 패턴 감지 시트릭 블레드 취약점을 악용하는 패턴 CVE 2023-4966

Yara Rule - Lockbit TA 공격에서 발견 된 패턴 감지 시트릭 블레드 취약점을 악용하는 패턴 CVE 2023-4966

Yara 정의.

Yara Rule - Detects patterns found in Lockbit TA attacks exploiting Citrixbleed vulnerability CVE 2023-4966

Yara definition.

Author: Florian Roth

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a

date = "2023-11-22"
score = 75
$x1 = "taskkill /f /im sqlwriter.exe /im winmysqladmin.exe /im w3sqlmgr.exe"
$x2 = " 1> \\\\127.0.0.1\\admin$\\__"```


[https://github.com/Neo23x0/signature-base/commit/1490b955a6df2d7ade75291eb2e886a38ed2c8b6](https://github.com/Neo23x0/signature-base/commit/1490b955a6df2d7ade75291eb2e886a38ed2c8b6)