Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Common Information
Type Value
UUID 1cd4c383-9d6d-4447-803a-c2e897c1abb1
Fingerprint be33a1f585b39f47
Analysis status DONE
Considered CTI value 2
Text language
Published March 26, 2024, midnight
Added to db Oct. 15, 2024, 3:40 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Title Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Detected Hints/Tags/Attributes 82/4/9
Source URLs
Redirection Url
Source https://www.trendmicro.com/en_id/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_ph/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_hk/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_dk/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_th/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_nl/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_ie/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_ae/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_se/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_be/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_no/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_gb/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_ca/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Source https://www.trendmicro.com/en_fi/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Attributes
Type #Events CTI Value
File 5
martini.sys
File 2
c:\users\public\enc.exe
File 2
c:\users\public\pwndll.dll
MITRE ATT&CK Techniques 333
T1059.003
MITRE ATT&CK Techniques 59
T1021.004
MITRE ATT&CK Techniques 118
T1570
MITRE ATT&CK Techniques 472
T1486
MITRE ATT&CK Techniques 48
T1480
MITRE ATT&CK Techniques 30
T1211