Python ransomware script targets ESXi server for encryption
Tags
attack-pattern: Data Credentials - T1589.001 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Tool - T1588.002 Hypervisor - T1062
Show in Graph
Common Information
Type Value
UUID d419dcc6-b28b-4c86-b978-8bb8f39c2bec
Fingerprint 3e832c09ac15e2ca
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 5, 2021, 4:35 p.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Sept. 2, 2024, 8:28 p.m.
Headline Python ransomware script targets ESXi server for encryption
Title Python ransomware script targets ESXi server for encryption
Detected Hints/Tags/Attributes 42/1/5
Source URLs
Redirection Url
Details Source https://news.sophos.com/en-us/2021/10/05/python-ransomware-script-targets-esxi-server-for-encryption/
URL Provider
Details Provider Source level domain
Details sophos.com news.sophos.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
fcker.py
Details Domain 1 
execution.in
Details File 2 
fcker.py
Details File 1 
vms.txt
Details File 2 
pubkey.txt