ioc[.]one - OSINT Cyber Threat Intelligence Database

TargetCompany’s Linux Variant Targets ESXi Environments

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter
country:	China India South Korea Thailand Taiwan
attack-pattern:	Data Command And Scripting Interpreter - T1623 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disguise Root/Jailbreak Indicators - T1408 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over C2 Channel - T1646 File Deletion - T1070.004 File Deletion - T1630.002 Ingress Tool Transfer - T1544 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Unix Shell - T1059.004 Vulnerabilities - T1588.006 Unix Shell - T1623.001 Command-Line Interface - T1059 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 File Deletion - T1107 Hypervisor - T1062 Remote File Copy - T1105 Powershell - T1086 System Information Discovery - T1082

Show in Graph

Common Information

Type	Value
UUID	bd340cad-d310-4d20-b86a-84e1bd3273e6
Fingerprint	a59f889be536a79d
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 5, 2024, midnight
Added to db	Oct. 15, 2024, 10:08 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	TargetCompany’s Linux Variant Targets ESXi Environments
Title	TargetCompany’s Linux Variant Targets ESXi Environments
Detected Hints/Tags/Attributes	78/3/25

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_in/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	Domain	49	trojan.sh
Details	File	5	targetinfo.txt
Details	File	11	ap.php
Details	File	29	decrypt.txt
Details	File	3	linux.tar
Details	File	2	sh.tar
Details	File	2	win64.tar
Details	File	2	win32.tar
Details	File	59	post.php
Details	sha1	2	2b82b463dab61cd3d7765492d7b4a529b4618e57
Details	sha1	2	9779aa8eb4c6f9eb809ebf4646867b0ed38c97e1
Details	sha1	2	3642996044cd85381b19f28a9ab6763e2bab653c
Details	sha1	2	4cdee339e038f5fc32dde8432dc3630afd4df8a2
Details	sha1	2	0f6bea3ff11bb56c2daf4c5f5c5b2f1afd3d5098
Details	IPv4	2	111.10.231.151
Details	MITRE ATT&CK Techniques	297	T1070.004
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	86	T1059.004
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	3	T1408
Details	MITRE ATT&CK Techniques	422	T1041
Details	MITRE ATT&CK Techniques	472	T1486
Details	Url	2	http://111.10.231.151:8168/general/vmeet/upload/temp/x.sh
Details	Url	2	http://111.10.231.151:8168/general/vmeet/upload/temp/x
Details	Url	2	http://111.10.231.151:8168/general/vmeet/upload/temp/post.php