Hackers exploit critical VMware flaw to drop ransomware, miners
Common Information
Type Value
UUID d8cdc20f-07a3-4f6f-8f1f-53bece154a3b
Fingerprint 85268c0349a7bcc6
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 21, 2022, midnight
Added to db Feb. 17, 2023, 11:31 p.m.
Last updated Nov. 17, 2024, 6:31 p.m.
Headline Hackers exploit critical VMware flaw to drop ransomware, miners
Title Hackers exploit critical VMware flaw to drop ransomware, miners
Detected Hints/Tags/Attributes 55/1/10
Attributes
Details Type #Events CTI Value
Details CVE 42 cve-2022-22954
Details Domain 2 crustwebsites.net
Details File 14 init.ps1
Details File 2 phpupdate.exe
Details File 153 config.json
Details File 1 networkmanager.exe
Details File 1 phpguard.exe
Details File 15 clean.bat
Details File 7 encrypt.exe
Details Threat Actor Identifier - APT 194 APT35