TargetCompany’s Linux Variant Targets ESXi Environments
June 6, 2024, 12:06 p.m.
Description
Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique is its use of a PowerShell script to bypass the Antimalware Scan Interface (AMSI), together with its abuse of fully undetectable (FUD) obfuscator packers. A new variant of the TargetCompany ransomware has been observed that specifically targets Linux environments. This variant uses a shell script for payload delivery and execution.
Date
Published: June 6, 2024, 11:42 a.m.
Created: June 6, 2024, 11:42 a.m.
Modified: June 6, 2024, 12:06 p.m.
Indicators
7c10256d9358d4cadb96b8160651172b6ac9a4bf898868823f7c76bf33cb823e
1c8b6d5b79d7d909b7ee22cccf8f71c1bd8182eedfb9960c94776620e4543d13
111.10.231.151
Attack Patterns
T1408
T1486
T1070
T1082
T1105
T1041
T1059
Additional Information
Korea, Democratic People's Republic of
India
Taiwan
Thailand