Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-11Twitter (@cglyer)Christopher Glyer
@online{glyer:20220111:thread:ae5ec3d, author = {Christopher Glyer}, title = {{Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware}}, date = {2022-01-11}, organization = {Twitter (@cglyer)}, url = {https://twitter.com/cglyer/status/1480742363991580674}, language = {English}, urldate = {2022-01-18} } Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware
NightSky
2021-12-03vmwareVMWare
@online{vmware:20211203:tigerrat:3388e2c, author = {VMWare}, title = {{TigerRAT – Advanced Adversaries on the Prowl}}, date = {2021-12-03}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/12/tigerrat-advanced-adversaries-on-the-prowl.html}, language = {English}, urldate = {2021-12-06} } TigerRAT – Advanced Adversaries on the Prowl
Tiger RAT
2021-11-16vmwareTakahiro Haruyama
@online{haruyama:20211116:monitoring:e4ca54e, author = {Takahiro Haruyama}, title = {{Monitoring Winnti 4.0 C2 Servers for Two Years}}, date = {2021-11-16}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/11/monitoring-winnti-4-0-c2-servers-for-two-years.html}, language = {English}, urldate = {2021-11-17} } Monitoring Winnti 4.0 C2 Servers for Two Years
Winnti
2021-09-21vmwareBob Plankers
@online{plankers:20210921:vmsa20210020:03f2366, author = {Bob Plankers}, title = {{VMSA-2021-0020: What You Need to Know (CVE-2021-22005)}}, date = {2021-09-21}, organization = {vmware}, url = {https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html}, language = {English}, urldate = {2021-09-28} } VMSA-2021-0020: What You Need to Know (CVE-2021-22005)
2021-08-05Bleeping ComputerLawrence Abrams
@online{abrams:20210805:linux:d6e65f8, author = {Lawrence Abrams}, title = {{Linux version of BlackMatter ransomware targets VMware ESXi servers}}, date = {2021-08-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/}, language = {English}, urldate = {2021-08-09} } Linux version of BlackMatter ransomware targets VMware ESXi servers
BlackMatter
2021-07-26vmwareQuentin Fois, Pavankumar Chaudhari
@online{fois:20210726:hunting:ff1181b, author = {Quentin Fois and Pavankumar Chaudhari}, title = {{Hunting IcedID and unpacking automation with Qiling}}, date = {2021-07-26}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/07/hunting-icedid-and-unpacking-automation-with-qiling.html}, language = {English}, urldate = {2021-07-27} } Hunting IcedID and unpacking automation with Qiling
IcedID
2021-07-15Bleeping ComputerLawrence Abrams
@online{abrams:20210715:linux:87987af, author = {Lawrence Abrams}, title = {{Linux version of HelloKitty ransomware targets VMware ESXi servers}}, date = {2021-07-15}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/}, language = {English}, urldate = {2021-08-06} } Linux version of HelloKitty ransomware targets VMware ESXi servers
HelloKitty
2021-07-08vmwareQuentin Fois, Pavankumar Chaudhari
@online{fois:20210708:icedid:47da76d, author = {Quentin Fois and Pavankumar Chaudhari}, title = {{IcedID: Analysis and Detection}}, date = {2021-07-08}, organization = {vmware}, url = {https://blogs.vmware.com/security/2021/07/icedid-analysis-and-detection.html}, language = {English}, urldate = {2021-07-20} } IcedID: Analysis and Detection
IcedID
2021-07-01ThreatpostTom Spring
@online{spring:20210701:linux:2584acf, author = {Tom Spring}, title = {{Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices}}, date = {2021-07-01}, organization = {Threatpost}, url = {https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/}, language = {English}, urldate = {2021-07-02} } Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
REvil
2021-06-04Bleeping ComputerSergiu Gatlan
@online{gatlan:20210604:freakout:0ccc055, author = {Sergiu Gatlan}, title = {{FreakOut malware worms its way into vulnerable VMware servers}}, date = {2021-06-04}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/freakout-malware-worms-its-way-into-vulnerable-vmware-servers/}, language = {English}, urldate = {2021-06-16} } FreakOut malware worms its way into vulnerable VMware servers
N3Cr0m0rPh
2021-03-29VMWare Carbon BlackJason Zhang, Oleg Boyarchuk, Giovanni Vigna
@online{zhang:20210329:dridex:7692f65, author = {Jason Zhang and Oleg Boyarchuk and Giovanni Vigna}, title = {{Dridex Reloaded: Analysis of a New Dridex Campaign}}, date = {2021-03-29}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/networkvirtualization/2021/03/analysis-of-a-new-dridex-campaign.html/}, language = {English}, urldate = {2021-04-09} } Dridex Reloaded: Analysis of a New Dridex Campaign
Dridex
2021-03-25VMWare Carbon BlackThreat Analysis Unit, Baibhav Singh, Giovanni Vigna
@online{unit:20210325:memory:6fb3ce4, author = {Threat Analysis Unit and Baibhav Singh and Giovanni Vigna}, title = {{Memory Forensics for Virtualized Hosts}}, date = {2021-03-25}, organization = {VMWare Carbon Black}, url = {https://blogs.vmware.com/networkvirtualization/2021/03/memory-forensics-for-virtualized-hosts.html/?src=so_601c8a71b87d7&cid=7012H000001YsJA}, language = {English}, urldate = {2021-04-09} } Memory Forensics for Virtualized Hosts
2021-02-24VMWare Carbon BlackTakahiro Haruyama
@techreport{haruyama:20210224:knock:f4903a2, author = {Takahiro Haruyama}, title = {{Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation}}, date = {2021-02-24}, institution = {VMWare Carbon Black}, url = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_201_haruyama_jp.pdf}, language = {Japanese}, urldate = {2021-02-26} } Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation
Cobalt Strike
2020-12-21US Court of Appeals for the Ninth CourtMicrosoft, Google, Cisco, Github, LinkedIn, VMWare, Internet Association, WhatsApp
@techreport{microsoft:20201221:case:eb6d265, author = {Microsoft and Google and Cisco and Github and LinkedIn and VMWare and Internet Association and WhatsApp}, title = {{Case: 20-16408: WhatsApp et al. vs NSO Group}}, date = {2020-12-21}, institution = {US Court of Appeals for the Ninth Court}, url = {https://blogs.microsoft.com/wp-content/uploads/prod/sites/5/2020/12/NSO-v.-WhatsApp-Amicus-Brief-Microsoft-et-al.-as-filed.pdf}, language = {English}, urldate = {2020-12-23} } Case: 20-16408: WhatsApp et al. vs NSO Group
2020-12-07NSANSA
@techreport{nsa:20201207:russian:9dbda97, author = {NSA}, title = {{Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials}}, date = {2020-12-07}, institution = {NSA}, url = {https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF}, language = {English}, urldate = {2020-12-08} } Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials
2020-07-24VMWare Carbon BlackAndrew Costis
@online{costis:20200724:tau:2730a2c, author = {Andrew Costis}, title = {{TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves}}, date = {2020-07-24}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/blog/tau-threat-discovery-cryptocurrency-clipper-malware-evolves/}, language = {English}, urldate = {2020-08-05} } TAU Threat Discovery: Cryptocurrency Clipper Malware Evolves
Poulight Stealer
2020-07-08VMWare Carbon BlackBrian Baskin
@online{baskin:20200708:tau:4b05a00, author = {Brian Baskin}, title = {{TAU Threat Discovery: Conti Ransomware}}, date = {2020-07-08}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/}, language = {English}, urldate = {2020-07-08} } TAU Threat Discovery: Conti Ransomware
Conti
2020-06-15VMWare Carbon BlackA C
@online{c:20200615:tau:c60e41f, author = {A C}, title = {{TAU Threat Analysis: Relations to Hakbit Ransomware}}, date = {2020-06-15}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/06/15/tau-threat-analysis-relations-to-hakbit-ransomware/}, language = {English}, urldate = {2020-06-16} } TAU Threat Analysis: Relations to Hakbit Ransomware
Hakbit
2020-06-08VMWare Carbon BlackA C
@online{c:20200608:tau:f5b25ff, author = {A C}, title = {{TAU Threat Analysis: Hakbit Ransomware}}, date = {2020-06-08}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/06/08/tau-threat-analysis-hakbit-ransomware/}, language = {English}, urldate = {2020-06-10} } TAU Threat Analysis: Hakbit Ransomware
Hakbit
2020-06-03VMWare Carbon BlackBrian Baskin
@online{baskin:20200603:medusa:8d92754, author = {Brian Baskin}, title = {{Medusa Locker Ransomware}}, date = {2020-06-03}, organization = {VMWare Carbon Black}, url = {https://www.carbonblack.com/2020/06/03/tau-threat-analyis-medusa-locker-ransomware/}, language = {English}, urldate = {2020-06-04} } Medusa Locker Ransomware
MedusaLocker