MAL_WAR_Ivanti_EPMM_MobileIron_LogClear_JAVA_Aug23

Rule Info

Name: MAL_WAR_Ivanti_EPMM_MobileIron_LogClear_JAVA_Aug23
Author: Florian Roth
Description: Detects LogClear.class found in the Ivanti EPMM / MobileIron Core compromises exploiting CVE-2023-35078
Score: 80
Date: 2023-08-01
Minimum Yara: 1.7
Rule Hash: 19269d0afcc4d43d4394866df914b0e5
Tags: ['CVE_2023_35078', 'DEMO', 'MAL']
Required Modules: []

Antivirus Verdicts

Rating                       Number of Samples
Malicious (>= 10 engines)    1
Suspicious (< 10 engines)    1
Clean (0 engines)            0

Rule Matches

Timestamp            Positives  Total  Hash                                                              VT
2023-09-11 09:06:02  8          59     13221710e89d08ec0a9548df53057c9d5ebe8c1e7f0034b5a8b3ee190f5bd863
2023-08-10 19:32:46  12         60     dac075e7dd97112617f5403224cfeb444cb2195c1ff9e463aaa3e91a496ce388

Rule Matches per Month (last 24 months)