2023-07-29 | BleepingComputer | Lawrence Abrams
@online{abrams:20230729:linux:4a94420,
  author       = {Lawrence Abrams},
  title        = {{Linux version of Abyss Locker ransomware targets VMware ESXi servers}},
  date         = {2023-07-29},
  organization = {BleepingComputer},
  url          = {https://www.bleepingcomputer.com/news/security/linux-version-of-abyss-locker-ransomware-targets-vmware-esxi-servers/},
  language     = {English},
  urldate      = {2023-08-03},
}
Linux version of Abyss Locker ransomware targets VMware ESXi servers
Abyss Locker
2023-06-28 | vmware | Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley
@online{snyder:20230628:8base:6caf8b6,
  author       = {Deborah Snyder and Fae Carlisle and Dana Behling and Bria Beathley},
  title        = {{8Base Ransomware: A Heavy Hitting Player}},
  date         = {2023-06-28},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html},
  language     = {English},
  urldate      = {2023-08-03},
}
8Base Ransomware: A Heavy Hitting Player
8Base Phobos SmokeLoader SystemBC
2023-06-28 | Mandiant | Alexander Marvi, Greg Blaum, Ron Craft
@online{marvi:20230628:detection:4a20fad,
  author       = {Alexander Marvi and Greg Blaum and Ron Craft},
  title        = {{Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts}},
  date         = {2023-06-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/vmware-detection-containment-hardening},
  language     = {English},
  urldate      = {2023-07-31},
}
Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts
2023-06-13 | Mandiant | Alexander Marvi, Brad Slaybaugh, Ron Craft, Rufus Brown
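% Author casing normalised: the listing gave "BRAD SLAYBAUGH" in capitals, which styles would print verbatim.
@online{marvi:20230613:vmware:ab644e2,
  author       = {Alexander Marvi and Brad Slaybaugh and Ron Craft and Rufus Brown},
  title        = {{VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors (UNC3886)}},
  date         = {2023-06-13},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass},
  language     = {English},
  urldate      = {2023-07-31},
}
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors (UNC3886)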
2023-06-01 | vmware | Fae Carlisle
@online{carlisle:20230601:carbon:a215566,
  author       = {Fae Carlisle},
  title        = {{Carbon Black’s TrueBot Detection}},
  date         = {2023-06-01},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2023/06/carbon-blacks-truebot-detection.html},
  language     = {English},
  urldate      = {2023-07-13},
}
Carbon Black’s TrueBot Detection
Silence
2023-03-31 | vmware | Threat Analysis Unit
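% Corporate author: the extra braces keep "Threat Analysis Unit" as one indivisible name
% instead of being parsed as given names "Threat Analysis" and surname "Unit".
@online{unit:20230331:investigating:bf45200,
  author       = {{Threat Analysis Unit}},
  title        = {{Investigating 3CX Desktop Application Attacks: What You Need to Know}},
  date         = {2023-03-31},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2023/03/investigating-3cx-desktop-application-attacks-what-you-need-to-know.html},
  language     = {English},
  urldate      = {2023-04-02},
}
Investigating 3CX Desktop Application Attacks: What You Need to Know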
3CX Backdoor
2023-02-03 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20230203:massive:23e9bbc,
  author       = {Sergiu Gatlan},
  title        = {{Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide}},
  date         = {2023-02-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/},
  language     = {English},
  urldate      = {2023-02-09},
}
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
ESXiArgs
2023-02-03 | OVHcloud | Julien Levrard
@online{levrard:20230203:ransomware:928b750,
  author       = {Julien Levrard},
  title        = {{Ransomware targeting VMware ESXi}},
  date         = {2023-02-03},
  organization = {OVHcloud},
  url          = {https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/},
  language     = {English},
  urldate      = {2023-02-06},
}
Ransomware targeting VMware ESXi
ESXiArgs
2022-11-21 | vmware | Threat Analysis Unit
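% Corporate author: the extra braces keep "Threat Analysis Unit" as one indivisible name
% instead of being parsed as given names "Threat Analysis" and surname "Unit".
@online{unit:20221121:threat:7972abc,
  author       = {{Threat Analysis Unit}},
  title        = {{Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)}},
  date         = {2022-11-21},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html},
  language     = {English},
  urldate      = {2022-11-28},
}
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)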
Dacls
2022-11-14 | vmware | Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht, Deborah Snyder, Nikki Benoit
@online{hardin:20221114:batloader:879d974,
  author       = {Bethany Hardin and Lavine Oluoch and Tatiana Vollbrecht and Deborah Snyder and Nikki Benoit},
  title        = {{BATLOADER: The Evasive Downloader Malware}},
  date         = {2022-11-14},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html},
  language     = {English},
  urldate      = {2022-11-28},
}
BATLOADER: The Evasive Downloader Malware
BATLOADER
2022-10-25 | VMware Threat Analysis Unit | Takahiro Haruyama
@techreport{haruyama:20221025:tracking:1f60260,
  author      = {Takahiro Haruyama},
  title       = {{Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning}},
  date        = {2022-10-25},
  institution = {VMware Threat Analysis Unit},
  url         = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/slides/VB2022-Tracking-the-entire-iceberg.pdf},
  language    = {English},
  urldate     = {2022-11-01},
}
Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-10-20 | Fortinet | Cara Lin
@online{lin:20221020:mirai:6945658,
  author       = {Cara Lin},
  title        = {{Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability}},
  date         = {2022-10-20},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability},
  language     = {English},
  urldate      = {2022-11-21},
}
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
Mirai
2022-10-15 | vmware | Dana Behling
@online{behling:20221015:lockbit:b6ba83c,
  author       = {Dana Behling},
  title        = {{LockBit 3.0 Ransomware Unlocked}},
  date         = {2022-10-15},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/10/lockbit-3-0-also-known-as-lockbit-black.html},
  language     = {English},
  urldate      = {2022-10-24},
}
LockBit 3.0 Ransomware Unlocked
LockBit
2022-10-03 | vmware | Threat Analysis Unit
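% Corporate author: the extra braces keep "Threat Analysis Unit" as one indivisible name
% instead of being parsed as given names "Threat Analysis" and surname "Unit".
@techreport{unit:20221003:emotet:94323dc,
  author      = {{Threat Analysis Unit}},
  title       = {{Emotet Exposed: A Look Inside the Cybercriminal Supply Chain}},
  date        = {2022-10-03},
  institution = {vmware},
  url         = {https://www.vmware.com/content/dam/learn/en/amer/fy23/pdf/1669005_Emotet_Exposed_A_Look_Inside_the_Cybercriminal_Supply_Chain.pdf},
  language    = {English},
  urldate     = {2022-10-24},
}
Emotet Exposed: A Look Inside the Cybercriminal Supply Chain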
Emotet
2022-09-28 | vmware | Giovanni Vigna
@online{vigna:20220928:esxitargeting:bd1ce9a,
  author       = {Giovanni Vigna},
  title        = {{ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)}},
  date         = {2022-09-28},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html},
  language     = {English},
  urldate      = {2022-10-10},
}
ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil
2022-09-20 | vmware | Dana Behling
@online{behling:20220920:threat:8e95f5a,
  author       = {Dana Behling},
  title        = {{Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware}},
  date         = {2022-09-20},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware.html},
  language     = {English},
  urldate      = {2022-09-26},
}
Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware
2022-09-20 | vmware | Dana Behling
@online{behling:20220920:threat:099a73a,
  author       = {Dana Behling},
  title        = {{Threat Report: Illuminating Volume Shadow Deletion}},
  date         = {2022-09-20},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html},
  language     = {English},
  urldate      = {2022-09-26},
}
Threat Report: Illuminating Volume Shadow Deletion
Conti HelloKitty
2022-09-19 | vmware | Abe Schneider, Bethany Hardin, Lavine Oluoch
@online{schneider:20220919:evolution:b793a9d,
  author       = {Abe Schneider and Bethany Hardin and Lavine Oluoch},
  title        = {{The Evolution of the Chromeloader Malware}},
  date         = {2022-09-19},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html},
  language     = {English},
  urldate      = {2022-09-20},
}
The Evolution of the Chromeloader Malware
Choziosi
2022-08-19 | vmware | Oleg Boyarchuk, Stefano Ortolani
@online{boyarchuk:20220819:how:a43d0e2,
  author       = {Oleg Boyarchuk and Stefano Ortolani},
  title        = {{How to Replicate Emotet Lateral Movement}},
  date         = {2022-08-19},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/08/how-to-replicate-emotet-lateral-movement.html},
  language     = {English},
  urldate      = {2022-08-31},
}
How to Replicate Emotet Lateral Movement
Emotet
2022-07-22 | vmware | Sneha Shekar
@online{shekar:20220722:how:284bd51,
  author       = {Sneha Shekar},
  title        = {{How Push Notifications are Abused to Deliver Fraudulent Links}},
  date         = {2022-07-22},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/07/how-push-notifications-are-abused-to-deliver-fraudulent-links.html},
  language     = {English},
  urldate      = {2022-08-31},
}
How Push Notifications are Abused to Deliver Fraudulent Links