To help organizations identify compromised systems associated with CVE-2019-19781, FireEye and Citrix worked together to release the IOC Scanner for CVE-2019-19781 that searches for indicators of compromise associated with attacker activity observed by FireEye Mandiant. This free tool is designed to allow Citrix customers to run it locally on their Citrix instances and receive a rapid assessment of potential indications of compromise based on known attacks and exploits.
|Resources:||FireEye Blog - 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor|
|Citrix Blog - Citrix and FireEye Mandiant Share Forensic Tool for CVE-2019-19781|
|FireEye Blog - Rough Patch: I Promise It'll Be 200 OK|
|Citrix Press Release|
|FireEye Blog - Nice Try: 501 (Ransomware) Not Implemented|
|FireEye Blog - FireEye and Citrix Tool Scans for Indicators of Compromise Related to CVE-2019-19781|