#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability [Wednesday, November 22, 2023]



Description:
CISA reports that LockBit 3.0 affiliates are leveraging CVE-2023-4966 (Citrix Bleed) to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler Application Delivery Controller (ADC) and Gateway appliances.

Published:
2023-11-22T11:38:01.453Z

Created:
2023-11-22T11:38:01.453Z

Modified:
2023-11-22T11:58:09.422Z

Tags

  • ransomware
  • lockbit
  • splashtop abuse
  • anydesk abuse
  • citrix bleed
  • cve20234966

Indicators

IPv4s:
URLs:
Domains:
  • unattended.techninline.net
Hashes:
Attack Patterns:
  • T1556
  • T1539
  • T1059.001
  • T1082
External References:

About the author
Julien B.

Securitricks
