SecuriTricks - Attack Report

Description

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new variant of the TargetCompany ransomware has been observed which specifically targets Linux environments. This variant uses a shell script for payload delivery and execution.

External References

https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html

https://otx.alienvault.com/pulse/6661a0c0d57c2359025a1baf

Date

Created: June 6, 2024, 11:42 a.m.
Published: June 6, 2024, 11:42 a.m.
Modified: June 6, 2024, 12:06 p.m.

Indicators

7c10256d9358d4cadb96b8160651172b6ac9a4bf898868823f7c76bf33cb823e
1c8b6d5b79d7d909b7ee22cccf8f71c1bd8182eedfb9960c94776620e4543d13

111.10.231.151

Download all indicators here!

TargetCompany’s Linux Variant Targets ESXi Environments

Description

External References

Tags

Date

Indicators

Attack Patterns

Additional Informations

TargetCompany’s Linux Variant Targets ESXi Environments

Description

External References

Tags

Date

Indicators

Attack Patterns

Additional Informations

Share