{
  "name": "TargetCompany\u2019s Linux Variant Targets ESXi Environments",
  "slug": "targetcompanys-linux-variant-targets-esxi-environments",
  "description": "Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent the security defenses employed by organizations; one such technique is its use of a PowerShell script to bypass the Antimalware Scan Interface (AMSI) and its abuse of fully undetectable (FUD) obfuscator packers. A new variant of the TargetCompany ransomware that specifically targets Linux environments has been observed. This variant uses a shell script for payload delivery and execution.",
  "published": "2024-06-06T09:42:56+00:00",
  "created_at": "2024-06-06T09:42:56+00:00",
  "modified_at": "2024-06-06T10:06:28+00:00",
  "created_at_opencti": "2024-06-06T09:42:56+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-06",
    "cloud security",
    "execution",
    "lockbit",
    "ransomware",
    "targetcompany",
    "vampire",
    "vmware esxi"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "111.10.231.151"
      },
      {
        "id": "",
        "name": "7c10256d9358d4cadb96b8160651172b6ac9a4bf898868823f7c76bf33cb823e"
      },
      {
        "id": "",
        "name": "1c8b6d5b79d7d909b7ee22cccf8f71c1bd8182eedfb9960c94776620e4543d13"
      }
    ],
    "attack_patterns": [
      {
        "id": "fc5d89d9-77a6-4264-befb-ce76a77ebdd9",
        "name": "T1408"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "53b3b18c-d0d0-4bf6-bc6b-2c0ab9180deb",
        "name": "T1070"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e",
        "name": "T1041"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Korea, Democratic People's Republic of"
      },
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "Taiwan"
      },
      {
        "id": "",
        "name": "Thailand"
      }
    ]
  },
  "external_refs": [
    "https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html",
    "https://otx.alienvault.com/pulse/6661a0c0d57c2359025a1baf"
  ]
}