TargetCompany’s Linux Variant Targets ESXi Environments
Essential information
- Published: 06/06/2024 11:42
- Modified: 06/06/2024 12:06
- Tags: 2024-06-06 cloud security execution lockbit ransomware targetcompany vampire vmware esxi
- Related entities: 3 observables, 7 techniques (mitre), 4 others
Description
Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent the security defenses employed by organizations; one such technique is its use of a PowerShell script to bypass the Antimalware Scan Interface (AMSI), along with its abuse of fully undetectable (FUD) obfuscator packers. A new variant of the TargetCompany ransomware has been observed that specifically targets Linux environments. This variant uses a shell script for payload delivery and execution.