SUSP_RANSOM_LNX_VmWare_ESX_Indicators_Oct22_1

Rule Info

Name
SUSP_RANSOM_LNX_VmWare_ESX_Indicators_Oct22_1
Author
Florian Roth
Description
Detects characteristics found in ransomware samples that are deployed on ESXi servers
Score
70
Reference
https://www.cisa.gov/uscert/ncas/alerts/aa22-294a
Date
2022-10-24
Minimum Yara
1.7
Rule Hash
55a72664bc24a72a0b2c384296911ed9
Tags
['RANSOM', 'SUSP', 'LINUX', 'FILE', 'CRIME']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_ransom_lnx_vmware_esx_indicators_oct22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
16
Suspicious (< 10 engines)
0
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-12-18 15:36:34
31
60
0196bd1cf4313168ae32452df9f6fd3c042973e93e22e80d9294c2f747cc2fdb
2024-11-29 21:27:03
29
65
ea286954eeecf0ea62087355cb6ef2dd86b82fc052b2c04dd16cb194938a5a67
2024-11-29 20:41:55
29
65
762247af84353ae282065dff569d72d1fe80b6d1434a76ecf1674d36918a2051
2024-11-29 20:39:16
29
65
d350ead5417e20bfef6b2d01758c1666f23c7483ae3e0ba3162925f9f7a637a8
2024-11-29 20:38:48
29
65
a8117dd0400456782e495300b94e76c1ad78b5a5ea76217ab90b1163e4162498
2024-11-29 20:37:49
29
65
595b32bcf3e672dc9fbf41853cf1eb050b4a4b251bea7d2e6ef256a797f43423
2024-11-29 20:37:38
29
65
ecc9f8b7214542caaa8bc2ef3d0243255b75665d82029147186fd85f2837b2b1
2024-11-29 20:31:30
29
65
c3aeb3dc0f84c72948deae81a3f7d523bc35e4f74ec1cc883bd9b4bd5e3bb99c
2024-11-29 20:30:39
29
65
0940306c27f00c14af497f4801cbd55241fd257a656244ab2426f873899db3a2
2024-11-29 20:20:41
29
65
9af2ebf3e358faa2c8bbcdfef21eac40b3355287792763f3ceeadb05cd3714cd
2024-11-29 20:20:31
29
65
d03584da9e1b0f18f423307cf2321f8ff589b9494f028e3bc35cd80e68fc3cd4
2024-10-25 17:11:30
31
65
34dcfdc7d4c450f98de26b0c48bc532a2eb42b058bd9244a7ee0059c3bd84873
2024-03-01 08:07:53
23
62
430cbf6d340e3b3ee92a0bca41c349071564a14fd31f810bd1b0702d5df75351
2023-09-21 19:38:32
0
62
8189c708706eb7302d7598aeee8cd6bdb048bf1a6dbe29c59e50f0a39fd53973
2022-12-29 01:27:49
40
64
0cd7b6ea8857ce827180342a1c955e79c3336a6cf2000244e5cfd4279c5fc1b6
2022-11-21 09:12:08
34
64
d7112a1e1c68c366c05bbede9dbe782bb434231f84e5a72a724cc8345d8d9d13
2022-11-17 09:09:35
39
64
10ab76cd6d6b50d26fde5fe54e8d80fceeb744de8dbafddff470939fac6a98c4

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022