Manage Engine Java Suspicious Sub Process

Rule Info

Name
Manage Engine Java Suspicious Sub Process
Description
Detects suspicious sub processes started by the Manage Engine ServiceDesk Plus Java web service process
Reference
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Modified
2023-01-21 00:00:00
Date
2023-01-18 00:00:00
Author
Florian Roth (Nextron Systems)
Tags
DEMO
Id
cea2b7ea-792b-405f-95a1-b903ea06458f
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=cea2b7ea-792b-405f-95a1-b903ea06458f

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
7c38a5c49
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
2ad9d65f7
fix: filter and add missing modified
2023-01-21
Nasreddine Bencherchali
933cd0df7
fix: apply suggestions from code review
2023-01-21
Florian Roth
18600eaef
refactor: extended some exploitation rules - sub procs
2023-01-21
Nasreddine Bencherchali
6557b3b23
fix: change link to permalink
2023-01-19
Florian Roth
907b4cc75
docs: changed wording
2023-01-19
Florian Roth
6d10d35b4
rule: Manage Engine suspicious sub process
2023-01-19
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022