Earlier this year, researchers identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines. The ecosystem was first detected during an intrusion investigation, when the researchers observed attacker commands being issued from the legitimate VMware Tools process on a Windows virtual machine hosted on a VMware ESXi hypervisor.
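The detection signal described above (attacker commands originating from the VMware Tools process inside a guest) can be checked against process-creation telemetry. The script below is an added example, not code from the original page or from the researchers: it assumes a simple pipe-delimited process-creation record (timestamp, host, parent image, image, command line; the sample lines are constructed), treats `vmtoolsd.exe` (the VMware Tools service binary on Windows guests) as the parent of interest, and flags children from an assumed set of script interpreters and proxy-execution binaries.

```python
"""Flag process-creation events whose parent is the VMware Tools service.

Added example, not from the original page. Assumes telemetry lines in the
constructed format 'ts|host|parent_image|image|command_line'.
"""
from dataclasses import dataclass
from typing import Iterable, List

# VMware Tools service process name on Windows guests.
VMTOOLS_PARENT = "vmtoolsd.exe"

# Assumed set of children that warrant review when spawned by vmtoolsd.exe.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
}


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed-format telemetry line; limit to 5 fields so the
    command line may itself contain '|' characters."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed event line: {line!r}")
    return ProcEvent(*parts)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_vmtools_spawn(evt: ProcEvent) -> bool:
    """True when vmtoolsd.exe is the direct parent of a flagged child image."""
    return (basename(evt.parent_image) == VMTOOLS_PARENT
            and basename(evt.image) in SUSPICIOUS_CHILDREN)


def find_vmtools_spawns(lines: Iterable[str]) -> List[ProcEvent]:
    """Return every parsable event that matches is_vmtools_spawn."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        evt = parse_event(line)
        if is_vmtools_spawn(evt):
            hits.append(evt)
    return hits


# Constructed sample telemetry: one benign VMware Tools event, one ordinary
# user-driven shell, and one shell spawned directly by vmtoolsd.exe.
SAMPLE_LINES = [
    "2023-01-10T08:00:01Z|WIN-VM01|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir",
    "2023-01-10T08:00:05Z|WIN-VM01|C:\\Windows\\services.exe|C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe|vmtoolsd.exe",
    "2023-01-10T08:02:17Z|WIN-VM01|C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c whoami",
]

if __name__ == "__main__":
    for hit in find_vmtools_spawns(SAMPLE_LINES):
        print(f"{hit.ts} {hit.host}: {basename(hit.image)} spawned by vmtoolsd.exe -> {hit.command_line}")
```

A `vmtoolsd.exe` child is not proof of compromise on its own: administrator-initiated guest operations through vCenter can legitimately produce the same parent/child pair, so matches are best correlated with vCenter task and event logs for the same time window before escalation.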
MALWARE FAMILIES: VIRTUALPIE, VIRTUALPITA
ATT&CK IDs: T1036 - Masquerading, T1003 - OS Credential Dumping, T1016 - System Network Configuration Discovery, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1202 - Indirect Command Execution, T1218 - Signed Binary Proxy Execution, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, T1573 - Encrypted Channel