Suspicious Child Process Of Manage Engine ServiceDesk

Rule Info

Name
Suspicious Child Process Of Manage Engine ServiceDesk
Author
Florian Roth (Nextron Systems)
Description
Detects suspicious child processes of the "Manage Engine ServiceDesk Plus" Java web service
Reference
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Date
2023-01-18 00:00:00
Modified
2023-08-29 00:00:00
Id
cea2b7ea-792b-405f-95a1-b903ea06458f
Tags
attack.command_and_control attack.t1102 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=cea2b7ea-792b-405f-95a1-b903ea06458f

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test`
2024-07-01
47085e948
Nasreddine Bencherchali
Merge PR #4406 from @nasbench - Multiple Updates & Additions
2023-09-07
bdffe3a7f
Tessa Georgen
Merge PR #4392 from @tjgeorgen - Update MITRE Tags
2023-08-28
60b8e9b70
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
fix: filter and add missing modified
2023-01-21
2ad9d65f7
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-01-21
933cd0df7
Florian Roth
refactor: extended some exploitation rules - sub procs
2023-01-21
18600eaef
Nasreddine Bencherchali
fix: change link to permalink
2023-01-19
6557b3b23
Florian Roth
docs: changed wording
2023-01-19
907b4cc75
Florian Roth
rule: Manage Engine suspicious sub process
2023-01-19
6d10d35b4
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022