ioc[.]one - OSINT Cyber Threat Intelligence Database

Massive Ransomware Attack Targets VMware ESXi Servers

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Obfuscated Files Or Information
country:	Germany France United States Of America
attack-pattern:	Data Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 File And Directory Discovery - T1420 File And Directory Permissions Modification - T1222 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Python - T1059.006 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Discovery - T1518 Systemd Service - T1543.002 Systemd Service - T1501 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 File And Directory Discovery - T1083 Obfuscated Files Or Information - T1027 Scripting - T1064 Security Software Discovery - T1063 System Information Discovery - T1082 User Execution - T1204 Scripting User Execution

Show in Graph

Common Information

Type	Value
UUID	6333fd1d-0bc8-4d81-bba2-4ae29b23ef20
Fingerprint	bca21c7324ff8243
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 6, 2023, midnight
Added to db	Oct. 24, 2023, 1:29 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Massive Ransomware Attack Targets VMware ESXi Servers
Title	Massive Ransomware Attack Targets VMware ESXi Servers
Detected Hints/Tags/Attributes	74/3/19

Source URLs

	Redirection	Url
Details	Redirection	https://blog.cyble.com/2023/02/06/massive-ransomware-attack-targets-vmware-esxi-servers/
Details	Source	https://cyble.com/blog/massive-ransomware-attack-targets-vmware-esxi-servers/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com
Details	cyble.com	blog.cyble.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	66		cve-2021-21974
Details	Domain	9		encrypt.sh
Details	Domain	9		vmtools.py
Details	File	2		1.vmdk
Details	File	816		index.html
Details	File	12		index1.html
Details	File	9		vmtools.py
Details	sha256	6		11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66
Details	sha256	6		10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459
Details	MITRE ATT&CK Techniques	420		T1204
Details	MITRE ATT&CK Techniques	695		T1059
Details	MITRE ATT&CK Techniques	80		T1064
Details	MITRE ATT&CK Techniques	122		T1543
Details	MITRE ATT&CK Techniques	265		T1222
Details	MITRE ATT&CK Techniques	627		T1027
Details	MITRE ATT&CK Techniques	1006		T1082
Details	MITRE ATT&CK Techniques	585		T1083
Details	MITRE ATT&CK Techniques	185		T1518
Details	MITRE ATT&CK Techniques	444		T1071