TargetCompany’s Linux Variant Targets ESXi Environments
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter
country: China India South Korea Thailand Taiwan
attack-pattern: Data Command And Scripting Interpreter - T1623 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disguise Root/Jailbreak Indicators - T1408 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over C2 Channel - T1646 File Deletion - T1070.004 File Deletion - T1630.002 Ingress Tool Transfer - T1544 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Unix Shell - T1059.004 Vulnerabilities - T1588.006 Unix Shell - T1623.001 Command-Line Interface - T1059 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 File Deletion - T1107 Hypervisor - T1062 Remote File Copy - T1105 Powershell - T1086 System Information Discovery - T1082
Show in Graph
Common Information
Type Value
UUID 38fad76e-a839-4757-9800-308d5dca4416
Fingerprint a59f889b8537a79d
Analysis status DONE
Considered CTI value 2
Text language
Published June 5, 2024, midnight
Added to db Aug. 31, 2024, 6:39 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline TargetCompany’s Linux Variant Targets ESXi Environments
Title TargetCompany’s Linux Variant Targets ESXi Environments
Detected Hints/Tags/Attributes 79/3/26
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_ph/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_th/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_ie/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_se/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_ca/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_gb/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
Details Source https://www.trendmicro.com/en_fi/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 49 
trojan.sh
Details File 5 
targetinfo.txt
Details File 11 
ap.php
Details File 29 
decrypt.txt
Details File 3 
linux.tar
Details File 2 
sh.tar
Details File 2 
win64.tar
Details File 2 
win32.tar
Details File 59 
post.php
Details sha1 1 
dffa99b9fe6e7d3e19afba38c9f7ec739581f656
Details sha1 2 
2b82b463dab61cd3d7765492d7b4a529b4618e57
Details sha1 2 
9779aa8eb4c6f9eb809ebf4646867b0ed38c97e1
Details sha1 2 
3642996044cd85381b19f28a9ab6763e2bab653c
Details sha1 2 
4cdee339e038f5fc32dde8432dc3630afd4df8a2
Details sha1 2 
0f6bea3ff11bb56c2daf4c5f5c5b2f1afd3d5098
Details IPv4 2 
111.10.231.151
Details MITRE ATT&CK Techniques 297 
T1070.004
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 86 
T1059.004
Details MITRE ATT&CK Techniques 492 
T1105
Details MITRE ATT&CK Techniques 3 
T1408
Details MITRE ATT&CK Techniques 422 
T1041
Details MITRE ATT&CK Techniques 472 
T1486
Details Url 2 
http://111.10.231.151:8168/general/vmeet/upload/temp/x.sh
Details Url 2 
http://111.10.231.151:8168/general/vmeet/upload/temp/x
Details Url 2 
http://111.10.231.151:8168/general/vmeet/upload/temp/post.php