Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

TargetCompany’s Linux Variant Targets ESXi Environments

June 6, 2024, 12:06 p.m.

Description

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new variant of the TargetCompany ransomware has been observed which specifically targets Linux environments. This variant uses a shell script for payload delivery and execution.

Date

Published: June 6, 2024, 11:42 a.m.

Created: June 6, 2024, 11:42 a.m.

Modified: June 6, 2024, 12:06 p.m.

Indicators

7c10256d9358d4cadb96b8160651172b6ac9a4bf898868823f7c76bf33cb823e

1c8b6d5b79d7d909b7ee22cccf8f71c1bd8182eedfb9960c94776620e4543d13

111.10.231.151

Attack Patterns

T1408

T1486

T1070

T1082

T1105

T1041

T1059

Additional Informations

Korea, Democratic People's Republic of

India

Taiwan

Thailand