Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
Common Information
Type Value
UUID cfaa4982-62cc-4d62-8b32-3702915d9ba1
Fingerprint b464199195364f6b
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published June 28, 2022, midnight
Added to db Oct. 15, 2024, 4:02 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Detected Hints/Tags/Attributes 57/1/38
Attributes