Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
Tags
| country: | France |
| attack-pattern: | Data Cron - T1053.003 Exploits - T1587.004 Exploits - T1588.005 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 |
Common Information
| Type | Value |
|---|---|
| UUID | f75aafb4-620b-4e6c-aeb4-e5030232d928 |
| Fingerprint | b7c2281b8443ac4a |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Feb. 3, 2023, midnight |
| Added to db | Feb. 18, 2023, 1:53 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide |
| Title | Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide |
| Detected Hints/Tags/Attributes | 49/2/13 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 66 | cve-2021-21974 |
|
| Details | Domain | 9 | encrypt.sh |
|
| Details | Domain | 9 | vmtools.py |
|
| Details | Domain | 5 | hostd-probe.sh |
|
| Details | Domain | 9 | local.sh |
|
| Details | Domain | 2 | auto-backup.sh |
|
| Details | File | 5 | ransom.html |
|
| Details | File | 17 | files.html |
|
| Details | File | 816 | index.html |
|
| Details | File | 12 | index1.html |
|
| Details | File | 2 | '.vmdk |
|
| Details | File | 1 | '1.vmdk |
|
| Details | File | 9 | vmtools.py |