Rule Info
Name
Potential Rogue Virtual Machine Execution via VMX
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects potential rogue virtual machine execution via direct execution of the vmx binary with the -x argument, which bypasses vCenter visibility and registration workflows.
This technique may be used by adversaries to maintain persistence within a virtualized environment.
Date
2026-04-09 00:00:00
Modified
None
Id
aff99c6c-1e09-4b4a-a267-456cf1836174
Tags
attack.execution attack.t1675
Type
Nextron Sigma feed only (private)
