VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors | Mandiant
Tags
attack-pattern: Data Direct Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Timestomp - T1070.006 Vulnerabilities - T1588.006 Hypervisor - T1062 Timestomp - T1099
Show in Graph
Common Information
Type Value
UUID 997fb748-9d78-4a83-9555-8fd1bdef79c0
Fingerprint fcb598d58c8362e0
Analysis status DONE
Considered CTI value 2
Text language
Published June 13, 2023, midnight
Added to db Oct. 22, 2023, 11:11 p.m.
Last updated Nov. 14, 2024, 5:15 a.m.
Headline VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
Title VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors | Mandiant
Detected Hints/Tags/Attributes 75/1/14
Source URLs
Redirection Url
Details Source https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
Details Source https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass?&web_view=true
URL Provider
Details Provider Source level domain
Details mandiant.com www.mandiant.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 38 
cve-2023-20867
Details CVE 8 
cve-2022-22948
Details Domain 1 
lp.py
Details Domain 1 
pall.py
Details Domain 1 
vmci0.id
Details File 3 
e.py
Details File 2 
vmkwarning.log
Details File 12 
d.py
Details File 2 
l.py
Details File 1 
lp.py
Details File 3 
p.py
Details File 1 
pall.py
Details File 2 
u.py
Details Mandiant Uncategorized Groups 52 
UNC3886