ESXi VM Enumeration Using VIM-CMD

Rule Info

Name
ESXi VM Enumeration Using VIM-CMD
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects the use of vim-cmd to list all VMs on an ESXi host, which could be part of reconnaissance or preparation for malicious activities. The command provides information about the VMs, including their names, power states, and other details. This could be used by adversaries to identify potential targets for further exploitation.
Reference
https://lolesxi-project.github.io/LOLESXi/lolesxi/Binaries/vim-cmd/#system%20information
Date
2025-05-22 00:00:00
Modified
None
Id
b8d0e41c-1634-4d9b-a4a8-f439745fd0c1
Tags
attack.discovery attack.t1082 attack.execution attack.t1675
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022