Ransomware as a Service – Nevada Ransomware campaign targeting VMWare ESXi servers
Tags
| country: | Russia |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | a35257ee-49e9-4fe4-b4fb-40dac9d21db2 |
| Fingerprint | 9da618592057a6c1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 9, 2023, 4:25 a.m. |
| Added to db | Nov. 8, 2023, 11:50 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Ransomware as a Service – Nevada Ransomware campaign targeting VMWare ESXi servers |
| Title | Ransomware as a Service – Nevada Ransomware campaign targeting VMWare ESXi servers |
| Detected Hints/Tags/Attributes | 53/2/34 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 205 | ✔ | Kudelski Security Research | https://research.kudelskisecurity.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 66 | cve-2021-21974 |
|
| Details | Domain | 150 | www.vmware.com |
|
| Details | Domain | 39 | kb.vmware.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 3 | nevcorps5cvivjf6i2gm4uia7cxng5ploqny2rgrinctazjlnqr2yiyd.onion |
|
| Details | Domain | 3 | blog.ovhcloud.com |
|
| Details | Domain | 8 | www.resecurity.com |
|
| Details | Domain | 280 | thehackernews.com |
|
| Details | Domain | 571 | www.cve.org |
|
| Details | Domain | 61 | censys.io |
|
| Details | Domain | 3 | core.vmware.com |
|
| Details | File | 6 | vmsa-2021-0002.html |
|
| Details | File | 367 | readme.txt |
|
| Details | File | 45 | mpr.dll |
|
| Details | File | 1 | new-wave-of-ransomware-attacks.html |
|
| Details | File | 1 | new-esxiargs-ransomware-variant-emerges.html |
|
| Details | Github username | 11 | cisagov |
|
| Details | md5 | 4 | 99549bcea63af5f81b01decf427519af |
|
| Details | md5 | 3 | fb5dcf0b880b57b10a2093f164f2ed27 |
|
| Details | md5 | 3 | 709ba88e758454f097959c3e62997000 |
|
| Details | md5 | 3 | f1f569c6e4f961007f7411fca131bbe0 |
|
| Details | md5 | 3 | 1396ab93e9104faaf138ac64211471ba |
|
| Details | Url | 5 | https://www.vmware.com/security/advisories/vmsa-2021-0002.html |
|
| Details | Url | 5 | https://kb.vmware.com/s/article/76372 |
|
| Details | Url | 3 | https://github.com/cisagov/esxiargs-recover |
|
| Details | Url | 2 | https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi |
|
| Details | Url | 1 | https://www.resecurity.com/blog/article/nevada-ransomware-waiting-for-the-next-dark-web-jackpot |
|
| Details | Url | 2 | https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14#entry5470686 |
|
| Details | Url | 1 | https://thehackernews.com/2023/02/new-wave-of-ransomware-attacks.html |
|
| Details | Url | 564 | https://www.cve.org/cverecord?id=cve |
|
| Details | Url | 1 | https://censys.io/esxwhy-a-look-at-esxiargs-ransomware |
|
| Details | Url | 1 | https://core.vmware.com/esxiargs-questions-answers |
|
| Details | Url | 1 | https://thehackernews.com/2023/02/new-esxiargs-ransomware-variant-emerges.html |