X-Force uncovers global NetScaler Gateway credential harvesting campaign
Tags
country: United States Of America
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID 8811ec87-5ec6-4f9c-bdb1-fe91939130ae
Fingerprint 31098cdb4a279389
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 6, 2023, midnight
Added to db Oct. 24, 2023, 1:07 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline X-Force uncovers global NetScaler Gateway credential harvesting campaign
Title X-Force uncovers global NetScaler Gateway credential harvesting campaign
Detected Hints/Tags/Attributes 49/2/15
Source URLs
Redirection Url
Details Redirection https://securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/
Details Source https://securityintelligence.com/x-force/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/
URL Provider
Details Provider Source level domain
Details securityintelligence.com securityintelligence.com
Attributes
Details Type #Events CTI Value
Details CVE 152 
cve-2023-3519
Details Domain 1 
jscloud.ink
Details Domain 1 
jscloud.live
Details Domain 1 
jscloud.biz
Details Domain 1 
jscdn.biz
Details Domain 1 
cloudjs.live
Details File 816 
index.html
Details File 2 
httpaccess.log
Details File 2 
httperror.log
Details File 3 
httpaccess-vpn.log
Details File 3 
bash.log
Details File 2 
sh.log
Details File 14 
database.php
Details File 5 
notice.log
Details Threat Actor Identifier - FIN 68 
FIN8