Eldorado Ransomware Targets VMware ESXi and Windows

    Date: 07/08/2024

    Severity: High

    Summary

    Eldorado is a newly identified ransomware family that targets VMware ESXi virtualization servers and Windows systems, encrypting data on both platforms and demanding a ransom. The reports referenced below describe how Eldorado infects and encrypts data on these platforms, the ransom demands it makes, and the distinctive characteristics of its attack methods, and they underscore the implications for organizations running VMware ESXi and Windows and the need for defenses and mitigation strategies against ransomware.

    Indicators of Compromise (IOC) List

    IP Address

    173.44.141.152

    Hash

    666eed520d2b430e1016eec555c0cd125912f9a8f7590d77c286eff52416fbaf

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address

    dstipaddress IN ("173.44.141.152") or ipaddress IN ("173.44.141.152") or publicipaddress IN ("173.44.141.152") or srcipaddress IN ("173.44.141.152")

    Hash

    md5hash IN ("315a9d36ed86894269e0126b649fb3d6")

    sha1hash IN ("caaa1f85dd333c9d19767b5de527152d5acbc2a4")

    sha256hash IN ("cb0b9e509a0f16eb864277cd76c4dcaa5016a356dd62c04dff8f8d96736174a7")
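    The same detection logic as the TDIR queries above, written here as an added Python example (not Gurucul's code) so it can be run over exported, normalised events offline. Field names follow the queries, the indicator values are those listed in this advisory, and the sample events are constructed.

```python
from typing import Iterable, Mapping

# Indicators exactly as listed in this advisory (IOC list and TDIR queries).
IOC_IPS = {"173.44.141.152"}
IOC_MD5 = {"315a9d36ed86894269e0126b649fb3d6"}
IOC_SHA1 = {"caaa1f85dd333c9d19767b5de527152d5acbc2a4"}
IOC_SHA256 = {
    "666eed520d2b430e1016eec555c0cd125912f9a8f7590d77c286eff52416fbaf",
    "cb0b9e509a0f16eb864277cd76c4dcaa5016a356dd62c04dff8f8d96736174a7",
}

# Field names mirror the TDIR queries: any of the four IP fields, any hash field.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELDS = {"md5hash": IOC_MD5, "sha1hash": IOC_SHA1, "sha256hash": IOC_SHA256}


def match_event(event: Mapping[str, str]) -> list[str]:
    """Return the IOC hits ("field=value") for one normalised event."""
    hits = []
    for field in IP_FIELDS:
        value = (event.get(field) or "").strip()
        if value in IOC_IPS:
            hits.append(f"{field}={value}")
    for field, known in HASH_FIELDS.items():
        # Hashes are case-insensitive; some sources emit them upper-case.
        value = (event.get(field) or "").strip().lower()
        if value in known:
            hits.append(f"{field}={value}")
    return hits


def scan(events: Iterable[Mapping[str, str]]) -> list[tuple[int, list[str]]]:
    """Scan a stream of events; return (index, hits) for each event that matched."""
    return [(i, h) for i, ev in enumerate(events) if (h := match_event(ev))]


# Constructed sample events (not real telemetry): a firewall flow to the IOC IP,
# an EDR file event carrying the IOC SHA-256 in upper case, and a benign event.
SAMPLE_EVENTS = [
    {"srcipaddress": "10.0.0.5", "dstipaddress": "173.44.141.152", "dstport": "443"},
    {"host": "esxi01", "sha256hash": "CB0B9E509A0F16EB864277CD76C4DCAA5016A356DD62C04DFF8F8D96736174A7"},
    {"srcipaddress": "10.0.0.7", "dstipaddress": "93.184.216.34",
     "sha256hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```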

    References:

    https://www.rewterz.com/threat-advisory/eldorado-ransomware-targets-vmware-esxi-and-windows-active-iocs

    https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms/?&web_view=true

    https://cyware.com/news/new-eldorado-ransomware-targets-windows-vmware-esxi-vms-4a4080db
