MAL_WAR_Ivanti_EPMM_MobileIron_LogClear_JAVA_Aug23

Rule Info

Name
MAL_WAR_Ivanti_EPMM_MobileIron_LogClear_JAVA_Aug23
Author
Florian Roth
Description
Detects LogClear.class found in the Ivanti EPMM / MobileIron Core compromises exploiting CVE-2023-35078
Score
80
Reference
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Date
2023-08-01
Minimum Yara
1.7
Rule Hash
19269d0afcc4d43d4394866df914b0e5
Tags
['MAL', 'CVE_2023_35078', 'DEMO']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_war_ivanti_epmm_mobileiron_logclear_java_aug23/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=MAL_WAR_Ivanti_EPMM_MobileIron_LogClear_JAVA_Aug23

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
17
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-02-09 16:45:47
16
60
ab3f70f685be4de79b7c61d7f2825e6329f954446917d6d878886baff4fd4985
2024-01-16 11:44:44
17
58
8bb927fc130dc7e3b3cddfcc4f2f3befeadf967888947db8dfb02c10f307484b
2024-01-16 09:26:29
17
57
01138ed916b07c18a6a487d90105360ca3bfa45e0e61f16a4797ebff053943db
2024-01-16 00:18:31
16
58
83c861ef02a46b827186aaf31e904ecd4ff4fe36cdaf182fe55c1d4fc58a7fa2
2024-01-16 00:04:21
13
58
59ac556af2ab3db3f4604cd8a785a588661a2fb907e16fabce1965ac96620614
2023-12-27 07:06:37
17
61
0894bb1add181c995c4e1d9fc7318cd3a86c0556126848b69404a01ad644672e
2023-12-26 01:38:42
15
61
ebd20fa221537139dbbd0d7dd2eaa05175285c9fdc52be0b7596aa63227eb5d3
2023-12-14 10:29:20
13
61
3c467a8a21de1216ed597961164a71c3b5340e0827b31e87ae134bc479591e28
2023-12-13 22:38:51
12
61
8ec02a974fa95aacaaeb17d59a3d2c3fd85dbb5245ea0a343149cba5fd03cc88
2023-12-10 13:23:44
13
61
01348b8a7cc50d5a132066b602faeaef4181c96a5fce6441081df18e104204c4
2023-12-02 20:44:21
12
60
03031f8b0c78666aceb4b96d04457a414c06d65960552612ee61820290a4d350
2023-11-26 04:05:21
12
61
63c819593efdad6ad1e529fe7a98287bd4b98243978ce1a0f637ee3bc0cc1cb7
2023-11-26 03:24:50
12
61
d8282f8671d0964ec20214b594fff57729c176354fa9ef72b9fc05c20d558d7b
2023-11-14 14:45:53
11
61
3d1b6f419ac6e6d77f1c84062c51737697720acbb49098b8cb4b562a7eb3872b
2023-10-29 23:26:54
13
61
49dfabc5a2b9748a7ab011efe70971d1ec23cffd70bbff4cb955202c432f3975
2023-10-10 22:08:44
15
61
7d6db0ec4893750c954b8e5ab10db249bb4beeb203e861c694fb73909449625b
2023-09-11 09:06:02
8
59
13221710e89d08ec0a9548df53057c9d5ebe8c1e7f0034b5a8b3ee190f5bd863
2023-08-10 19:32:46
12
60
dac075e7dd97112617f5403224cfeb444cb2195c1ff9e463aaa3e91a496ce388

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022