SUSP_RANSOM_LNX_VmWare_ESX_Indicators_Oct22_1

Rule Info

Name: SUSP_RANSOM_LNX_VmWare_ESX_Indicators_Oct22_1
Author: Florian Roth
Description: Detects characteristics found in ransomware samples that are deployed on ESXi servers
Score: 70
Date: 2022-10-24
Minimum Yara: 1.7
Rule Hash: 55a72664bc24a72a0b2c384296911ed9
Tags: ['LINUX', 'FILE', 'CRIME', 'RANSOM', 'SUSP']
Required Modules: []

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 4
Suspicious (< 10 engines) | 0
Clean (0 engines) | 1

Rule Matches

Timestamp | Positives | Total | Hash
2024-03-01 08:07:53 | 23 | 62 | 430cbf6d340e3b3ee92a0bca41c349071564a14fd31f810bd1b0702d5df75351
2023-09-21 19:38:32 | 0 | 62 | 8189c708706eb7302d7598aeee8cd6bdb048bf1a6dbe29c59e50f0a39fd53973
2022-12-29 01:27:49 | 40 | 64 | 0cd7b6ea8857ce827180342a1c955e79c3336a6cf2000244e5cfd4279c5fc1b6
2022-11-21 09:12:08 | 34 | 64 | d7112a1e1c68c366c05bbede9dbe782bb434231f84e5a72a724cc8345d8d9d13
2022-11-17 09:09:35 | 39 | 64 | 10ab76cd6d6b50d26fde5fe54e8d80fceeb744de8dbafddff470939fac6a98c4

Rule Matches per Month (last 24 months)