MAL_WAR_Ivanti_EPMM_MobileIron_Mi_War_Aug23

Rule Info

Name
MAL_WAR_Ivanti_EPMM_MobileIron_Mi_War_Aug23
Author
Florian Roth
Description
Detects WAR file found in the Ivanti EPMM / MobileIron Core compromises exploiting CVE-2023-35078
Score
85
Reference
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Date
2023-08-01
Minimum Yara
1.7
Rule Hash
26f8dda8519c6c56a442219f4d2515f5
Tags
['MAL', 'FILE', 'CVE_2023_35078', 'DEMO']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_war_ivanti_epmm_mobileiron_mi_war_aug23/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=MAL_WAR_Ivanti_EPMM_MobileIron_Mi_War_Aug23

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-08-03 12:00:54
1
62
6255c75e2e52d779da39367e7a7d4b8d1b3c9c61321361952dcc05819251a127

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022