Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-19vmwareAbe Schneider, Bethany Hardin, Lavine Oluoch
@online{schneider:20220919:evolution:b793a9d, author = {Abe Schneider and Bethany Hardin and Lavine Oluoch}, title = {{The Evolution of the Chromeloader Malware}}, date = {2022-09-19}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html}, language = {English}, urldate = {2022-09-20} } The Evolution of the Chromeloader Malware
Choziosi
2022-08-19vmwareOleg Boyarchuk, Stefano Ortolani
@online{boyarchuk:20220819:how:a43d0e2, author = {Oleg Boyarchuk and Stefano Ortolani}, title = {{How to Replicate Emotet Lateral Movement}}, date = {2022-08-19}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/08/how-to-replicate-emotet-lateral-movement.html}, language = {English}, urldate = {2022-08-31} } How to Replicate Emotet Lateral Movement
Emotet
2022-07-22vmwareSneha Shekar
@online{shekar:20220722:how:284bd51, author = {Sneha Shekar}, title = {{How Push Notifications are Abused to Deliver Fraudulent Links}}, date = {2022-07-22}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/07/how-push-notifications-are-abused-to-deliver-fraudulent-links.html}, language = {English}, urldate = {2022-08-31} } How Push Notifications are Abused to Deliver Fraudulent Links
2022-07-05Bleeping ComputerLawrence Abrams
@online{abrams:20220705:new:6189686, author = {Lawrence Abrams}, title = {{New RedAlert Ransomware targets Windows, Linux VMware ESXi servers}}, date = {2022-07-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/new-redalert-ransomware-targets-windows-linux-vmware-esxi-servers/}, language = {English}, urldate = {2022-07-13} } New RedAlert Ransomware targets Windows, Linux VMware ESXi servers
RedAlert Ransomware
2022-06-29vmwareStefano Ortolani, Giovanni Vigna
@online{ortolani:20220629:lateral:2da51bb, author = {Stefano Ortolani and Giovanni Vigna}, title = {{Lateral Movement in the Real World: A Quantitative Analysis}}, date = {2022-06-29}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/06/lateral-movement-in-the-real-world-a-quantitative-analysis.html}, language = {English}, urldate = {2022-08-31} } Lateral Movement in the Real World: A Quantitative Analysis
2022-05-25vmwareOleg Boyarchuk, Stefano Ortolani
@online{boyarchuk:20220525:emotet:ada82ac, author = {Oleg Boyarchuk and Stefano Ortolani}, title = {{Emotet Config Redux}}, date = {2022-05-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/05/emotet-config-redux.html}, language = {English}, urldate = {2022-05-29} } Emotet Config Redux
Emotet
2022-05-20Palo Alto Networks Unit 42Ruchna Nigam
@online{nigam:20220520:threat:b0d781e, author = {Ruchna Nigam}, title = {{Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)}}, date = {2022-05-20}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/}, language = {English}, urldate = {2023-08-28} } Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
Bashlite Mirai PerlBot
2022-05-16vmwareOleg Boyarchuk, Stefano Ortolani, Jason Zhang, Threat Analysis Unit
@online{boyarchuk:20220516:emotet:6392ff3, author = {Oleg Boyarchuk and Stefano Ortolani and Jason Zhang and Threat Analysis Unit}, title = {{Emotet Moves to 64 bit and Updates its Loader}}, date = {2022-05-16}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/05/emotet-moves-to-64-bit-and-updates-its-loader.html}, language = {English}, urldate = {2022-05-17} } Emotet Moves to 64 bit and Updates its Loader
Emotet
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:f0328ef, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility}, language = {English}, urldate = {2022-07-25} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit BRONZE STARLIGHT
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:da3d5d1, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/}, language = {English}, urldate = {2022-04-29} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-25vmwareDarshan Rana
@online{rana:20220425:serpent:c60d8fd, author = {Darshan Rana}, title = {{Serpent – The Backdoor that Hides in Plain Sight}}, date = {2022-04-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/04/serpent-the-backdoor-that-hides-in-plain-sight.html}, language = {English}, urldate = {2022-05-03} } Serpent – The Backdoor that Hides in Plain Sight
Serpent
2022-04-25MorphisecMorphisec Labs
@online{labs:20220425:new:7b1c795, author = {Morphisec Labs}, title = {{New Core Impact Backdoor Delivered Via VMware Vulnerability}}, date = {2022-04-25}, organization = {Morphisec}, url = {https://blog.morphisec.com/vmware-identity-manager-attack-backdoor}, language = {English}, urldate = {2022-04-29} } New Core Impact Backdoor Delivered Via VMware Vulnerability
Cobalt Strike JSSLoader
2022-04-12vmwareSudhir Devkar
@online{devkar:20220412:ruransom:c9abdbd, author = {Sudhir Devkar}, title = {{RuRansom – A Retaliatory Wiper}}, date = {2022-04-12}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/04/ruransom-a-retaliatory-wiper.html}, language = {English}, urldate = {2022-05-04} } RuRansom – A Retaliatory Wiper
RURansom
2022-04-01The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220401:chinese:0b445c6, author = {Ravie Lakshmanan}, title = {{Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit}}, date = {2022-04-01}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/04/chinese-hackers-target-vmware-horizon.html}, language = {English}, urldate = {2022-04-04} } Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
Fire Chili Ghost RAT
2022-03-29vmwareOleg Boyarchuk, Jason Zhang, Threat Analysis Unit
@online{boyarchuk:20220329:emotet:18b143b, author = {Oleg Boyarchuk and Jason Zhang and Threat Analysis Unit}, title = {{Emotet C2 Configuration Extraction and Analysis}}, date = {2022-03-29}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/03/emotet-c2-configuration-extraction-and-analysis.html}, language = {English}, urldate = {2022-04-04} } Emotet C2 Configuration Extraction and Analysis
Emotet
2022-03-27Bleeping ComputerLawrence Abrams
@online{abrams:20220327:hive:4b2408f, author = {Lawrence Abrams}, title = {{Hive ransomware ports its Linux VMware ESXi encryptor to Rust}}, date = {2022-03-27}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/hive-ransomware-ports-its-linux-vmware-esxi-encryptor-to-rust/}, language = {English}, urldate = {2022-03-29} } Hive ransomware ports its Linux VMware ESXi encryptor to Rust
BlackCat Hive Hive
2022-03-23vmwareSagar Daundkar, Threat Analysis Unit
@online{daundkar:20220323:sysjoker:d8a1ba0, author = {Sagar Daundkar and Threat Analysis Unit}, title = {{SysJoker – An Analysis of a Multi-OS RAT}}, date = {2022-03-23}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/03/%e2%80%afsysjoker-an-analysis-of-a-multi-os-rat.html}, language = {English}, urldate = {2022-04-04} } SysJoker – An Analysis of a Multi-OS RAT
SysJoker SysJoker SysJoker
2022-03-09eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220309:exploitation:83cd523, author = {eSentire Threat Response Unit (TRU)}, title = {{Exploitation of VMware Horizon Servers by TunnelVision Threat Actor}}, date = {2022-03-09}, organization = {eSentire}, url = {https://www.esentire.com/blog/exploitation-of-vmware-horizon-servers-by-tunnelvision-threat-actor}, language = {English}, urldate = {2023-09-17} } Exploitation of VMware Horizon Servers by TunnelVision Threat Actor
Drokbk
2022-03-04vmwareGiovanni Vigna, Oleg Boyarchuk, Stefano Ortolani, Threat Analysis Unit
@online{vigna:20220304:hermetic:78d4550, author = {Giovanni Vigna and Oleg Boyarchuk and Stefano Ortolani and Threat Analysis Unit}, title = {{Hermetic Malware: Multi-component Threat Targeting Ukraine Organizations}}, date = {2022-03-04}, organization = {vmware}, url = {https://blogs.vmware.com/networkvirtualization/2022/03/hermetic-malware-multi-component-threat-targeting-ukraine-organizations.html/}, language = {English}, urldate = {2022-03-22} } Hermetic Malware: Multi-component Threat Targeting Ukraine Organizations
HermeticWiper
2022-02-25vmwareSudhir Devkar, Threat Analysis Unit
@online{devkar:20220225:avoslocker:4a19530, author = {Sudhir Devkar and Threat Analysis Unit}, title = {{AvosLocker – Modern Linux Ransomware Threats}}, date = {2022-02-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/02/avoslocker-modern-linux-ransomware-threats.html}, language = {English}, urldate = {2022-03-22} } AvosLocker – Modern Linux Ransomware Threats
Avoslocker