Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
Common Information
Type Value
UUID 7ecb45e2-42a9-44a8-b511-7574e15ed2d3
Fingerprint b664199185364f4b
Analysis status DONE
Considered CTI value 0
Published June 28, 2022, midnight
Added to db Oct. 15, 2024, 3:37 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Detected Hints/Tags/Attributes 58/1/37
Source URLs
Details Source https://www.trendmicro.com/en_ph/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_nl/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_hk/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_ie/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_ca/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_dk/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_se/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_ae/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_id/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_be/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_gb/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_no/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Details Source https://www.trendmicro.com/en_fi/research/22/g/log4shell-vulnerability-in-vmware-leads-to-data-exfiltration-and-ransomware.html
Attributes
Details Type #Events CTI Value