ESXi-Targeting Ransomware: Tactics and Techniques (Part 2)
Tags
Type | Value |
---|---|
attack-pattern | Model Hardware - T1592.001, Malware - T1587.001, Malware - T1588.001, Python - T1059.006, Server - T1583.004, Server - T1584.004, Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | de613c54-0e67-4467-b8e9-e009d57e50f7 |
Fingerprint | a704d09b3604a6de |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 2, 2022, midnight |
Added to db | Dec. 21, 2022, 4:46 p.m. |
Last updated | Nov. 17, 2024, 7:44 p.m. |
Headline | ESXi-Targeting Ransomware: Tactics and Techniques (Part 2) |
Title | ESXi-Targeting Ransomware: Tactics and Techniques (Part 2) |
Detected Hints/Tags/Attributes | 82/1/49 |
Source URLs
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
121 | ✔ | VMware Security Blog | https://feeds.feedburner.com/VmwareSecurityComplianceBlog | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 2 | | fcker.py |
Domain | 65 | | blog.cyble.com |
Domain | 4127 | | github.com |
Domain | 21 | | blog.group-ib.com |
Domain | 101 | | www.elastic.co |
Domain | 78 | | securityaffairs.co |
Domain | 145 | | threatpost.com |
Domain | 604 | | www.trendmicro.com |
Domain | 78 | | socradar.io |
File | 2 | | fcker.py |
File | 229 | | advapi32.dll |
File | 52 | | bcrypt.dll |
File | 1 | | sosemanuk.cpp |
File | 1 | | revil-ransomware-linux.html |
File | 3 | | darkside-linux-vms-targeted.html |
File | 3 | | new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html |
File | 1 | | analysis-and-impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html |
Github username | 2 | | hildaboo |
Github username | 1 | | maxamin |
Url | 1 | | https://blog.cyble.com/2021/07/05/deep-dive-into-builder-of-notorious-babuk-ransomware |
Url | 2 | | https://github.com/hildaboo/babukransomwaresourcecode |
Url | 1 | | https://blog.cyble.com/2022/01/17/avoslocker-ransomware-linux-version-targets-vmware-esxi-servers |
Url | 1 | | https://blog.group-ib.com/hive |
Url | 1 | | https://news.sophos.com/en-us/2021/10/05/python-ransomware-script-targets-esxi-server-for-encryption |
Url | 1 | | https://www.elastic.co/security-labs/luna-ransomware-attack-pattern |
Url | 1 | | https://securityaffairs.co/wordpress/119497/cyber-crime/revil-ransomware-linux.html |
Url | 1 | | https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883 |
Url | 3 | | https://www.trendmicro.com/en_us/research/21/e/darkside-linux-vms-targeted.html |
Url | 1 | | https://blog.reversinglabs.com/blog/gwisinlocker-ransomware-targets-south-korean-industrial-and-pharmaceutical-companies |
Url | 1 | | https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html |
Url | 1 | | https://socradar.io/redalert-ransomware-targets-windows-and-linux-mware-esxi-servers |
Url | 1 | | https://www.trendmicro.com/en_us/research/22/a/analysis-and-impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html |
Url | 1 | | https://github.com/maxamin/conti_locker |