Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-12vmwareSudhir Devkar
@online{devkar:20220412:ruransom:c9abdbd, author = {Sudhir Devkar}, title = {{RuRansom – A Retaliatory Wiper}}, date = {2022-04-12}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/04/ruransom-a-retaliatory-wiper.html}, language = {English}, urldate = {2022-05-04} } RuRansom – A Retaliatory Wiper
RURansom
2022-04-01The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220401:chinese:0b445c6, author = {Ravie Lakshmanan}, title = {{Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit}}, date = {2022-04-01}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/04/chinese-hackers-target-vmware-horizon.html}, language = {English}, urldate = {2022-04-04} } Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
Fire Chili Ghost RAT
2022-03-29vmwareOleg Boyarchuk, Jason Zhang, Threat Analysis Unit
@online{boyarchuk:20220329:emotet:18b143b, author = {Oleg Boyarchuk and Jason Zhang and Threat Analysis Unit}, title = {{Emotet C2 Configuration Extraction and Analysis}}, date = {2022-03-29}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/03/emotet-c2-configuration-extraction-and-analysis.html}, language = {English}, urldate = {2022-04-04} } Emotet C2 Configuration Extraction and Analysis
Emotet
2022-03-27Bleeping ComputerLawrence Abrams
@online{abrams:20220327:hive:4b2408f, author = {Lawrence Abrams}, title = {{Hive ransomware ports its Linux VMware ESXi encryptor to Rust}}, date = {2022-03-27}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/hive-ransomware-ports-its-linux-vmware-esxi-encryptor-to-rust/}, language = {English}, urldate = {2022-03-29} } Hive ransomware ports its Linux VMware ESXi encryptor to Rust
BlackCat Hive Hive
2022-03-23vmwareSagar Daundkar, Threat Analysis Unit
@online{daundkar:20220323:sysjoker:d8a1ba0, author = {Sagar Daundkar and Threat Analysis Unit}, title = {{SysJoker – An Analysis of a Multi-OS RAT}}, date = {2022-03-23}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/03/%e2%80%afsysjoker-an-analysis-of-a-multi-os-rat.html}, language = {English}, urldate = {2022-04-04} } SysJoker – An Analysis of a Multi-OS RAT
SysJoker SysJoker SysJoker
2022-03-09eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220309:exploitation:83cd523, author = {eSentire Threat Response Unit (TRU)}, title = {{Exploitation of VMware Horizon Servers by TunnelVision Threat Actor}}, date = {2022-03-09}, organization = {eSentire}, url = {https://www.esentire.com/blog/exploitation-of-vmware-horizon-servers-by-tunnelvision-threat-actor}, language = {English}, urldate = {2022-05-23} } Exploitation of VMware Horizon Servers by TunnelVision Threat Actor
2022-03-04vmwareGiovanni Vigna, Oleg Boyarchuk, Stefano Ortolani, Threat Analysis Unit
@online{vigna:20220304:hermetic:78d4550, author = {Giovanni Vigna and Oleg Boyarchuk and Stefano Ortolani and Threat Analysis Unit}, title = {{Hermetic Malware: Multi-component Threat Targeting Ukraine Organizations}}, date = {2022-03-04}, organization = {vmware}, url = {https://blogs.vmware.com/networkvirtualization/2022/03/hermetic-malware-multi-component-threat-targeting-ukraine-organizations.html/}, language = {English}, urldate = {2022-03-22} } Hermetic Malware: Multi-component Threat Targeting Ukraine Organizations
HermeticWiper
2022-02-25vmwareSudhir Devkar, Threat Analysis Unit
@online{devkar:20220225:avoslocker:4a19530, author = {Sudhir Devkar and Threat Analysis Unit}, title = {{AvosLocker – Modern Linux Ransomware Threats}}, date = {2022-02-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/02/avoslocker-modern-linux-ransomware-threats.html}, language = {English}, urldate = {2022-03-22} } AvosLocker – Modern Linux Ransomware Threats
Avoslocker
2022-02-17SentinelOneAmitai Ben, Shushan Ehrlich
@online{ben:20220217:log4j2:aa3e992, author = {Amitai Ben and Shushan Ehrlich}, title = {{Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon}}, date = {2022-02-17}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/}, language = {English}, urldate = {2022-02-19} } Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
2022-02-09vmwareVMWare
@techreport{vmware:20220209:exposing:7b5f76e, author = {VMWare}, title = {{Exposing Malware in Linux-Based Multi-Cloud Environments}}, date = {2022-02-09}, institution = {vmware}, url = {https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-exposing-malware-in-linux-based-multi-cloud-environments.pdf}, language = {English}, urldate = {2022-02-10} } Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike
2022-02-07vmwareJason Zhang, Threat Analysis Unit
@online{zhang:20220207:emotet:e89deeb, author = {Jason Zhang and Threat Analysis Unit}, title = {{Emotet Is Not Dead (Yet) – Part 2}}, date = {2022-02-07}, organization = {vmware}, url = {https://blogs.vmware.com/networkvirtualization/2022/02/emotet-is-not-dead-yet-part-2.html/}, language = {English}, urldate = {2022-02-10} } Emotet Is Not Dead (Yet) – Part 2
Emotet
2022-01-27vmwareVMWare
@online{vmware:20220127:blacksun:d90d8d8, author = {VMWare}, title = {{BlackSun Ransomware – The Dark Side of PowerShell}}, date = {2022-01-27}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/01/blacksun-ransomware-the-dark-side-of-powershell.html}, language = {English}, urldate = {2022-02-01} } BlackSun Ransomware – The Dark Side of PowerShell
BlackSun
2022-01-24Trend MicroJunestherry Dela Cruz
@online{cruz:20220124:analysis:5807286, author = {Junestherry Dela Cruz}, title = {{Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant}}, date = {2022-01-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html}, language = {English}, urldate = {2022-01-25} } Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit LockBit
2022-01-21vmwareJason Zhang, Threat Analysis Unit
@online{zhang:20220121:emotet:bdb4508, author = {Jason Zhang and Threat Analysis Unit}, title = {{Emotet Is Not Dead (Yet)}}, date = {2022-01-21}, organization = {vmware}, url = {https://blogs.vmware.com/networkvirtualization/2022/01/emotet-is-not-dead-yet.html/}, language = {English}, urldate = {2022-02-10} } Emotet Is Not Dead (Yet)
Emotet
2022-01-20MorphisecMichael Gorelik
@online{gorelik:20220120:log4j:99fd2e0, author = {Michael Gorelik}, title = {{Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk}}, date = {2022-01-20}, organization = {Morphisec}, url = {https://blog.morphisec.com/log4j-exploit-hits-again-vulnerable-vmware-horizon-servers-at-risk}, language = {English}, urldate = {2022-01-25} } Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk
Cobalt Strike
2022-01-17CybleincCyble
@online{cyble:20220117:avoslocker:e72ac8a, author = {Cyble}, title = {{AvosLocker Ransomware Linux Version Targets VMware ESXi Servers}}, date = {2022-01-17}, organization = {Cybleinc}, url = {https://blog.cyble.com/2022/01/17/avoslocker-ransomware-linux-version-targets-vmware-esxi-servers/}, language = {English}, urldate = {2022-02-01} } AvosLocker Ransomware Linux Version Targets VMware ESXi Servers
Avoslocker AvosLocker
2022-01-15Huntress LabsTeam Huntress
@online{huntress:20220115:threat:cb103f0, author = {Team Huntress}, title = {{Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)}}, date = {2022-01-15}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike}, language = {English}, urldate = {2022-03-07} } Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)
Cobalt Strike
2022-01-11Twitter (@cglyer)Christopher Glyer
@online{glyer:20220111:thread:ae5ec3d, author = {Christopher Glyer}, title = {{Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware}}, date = {2022-01-11}, organization = {Twitter (@cglyer)}, url = {https://twitter.com/cglyer/status/1480742363991580674}, language = {English}, urldate = {2022-01-25} } Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware
Cobalt Strike NightSky
2021-12-23vmwareThreat Analysis Unit
@online{unit:20211223:introducing:5593554, author = {Threat Analysis Unit}, title = {{Introducing DARTH: Distributed Analysis for Research and Threat Hunting}}, date = {2021-12-23}, organization = {vmware}, url = {https://blogs.vmware.com/networkvirtualization/2021/12/introducing-darth-distributed-analysis-for-research-and-threat-hunting.html/}, language = {English}, urldate = {2022-02-10} } Introducing DARTH: Distributed Analysis for Research and Threat Hunting
2021-12-03vmwareVMWare
@online{vmware:20211203:tigerrat:3388e2c, author = {VMWare}, title = {{TigerRAT – Advanced Adversaries on the Prowl}}, date = {2021-12-03}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/12/tigerrat-advanced-adversaries-on-the-prowl.html}, language = {English}, urldate = {2021-12-06} } TigerRAT – Advanced Adversaries on the Prowl
Tiger RAT