{"vulnerability": "CVE-2024-37085", "sightings": [{"uuid": "ee69294c-427b-40eb-a2bd-f515cf8d0dc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2178", "content": "https://github.com/Florian-Hoth/CVE-2024-37085-RCE-POC", "creation_timestamp": "2024-08-10T22:47:02.000000Z"}, {"uuid": "502a93ba-3baf-4618-b47e-8ba8d091da6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/CyberBulletin/242", "content": "\u26a1Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085.\n\n#CyberBulletin", "creation_timestamp": "2024-08-02T14:29:17.000000Z"}, {"uuid": "8df21edf-971b-441c-b452-2acb700f5222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/HackingInsights/11571", "content": "BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085\nhttps://ift.tt/U8q2mjF", "creation_timestamp": "2024-08-30T10:27:57.000000Z"}, {"uuid": "f512916f-d0fb-4ef7-8870-10ce94811242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/HackingInsights/11529", "content": "\u200aBlackByte Ransomware Group Exploits VMware CVE-2024-37085 Flaw, Shifts Tactics\n\nhttps://securityonline.info/blackbyte-ransomware-group-exploits-vmware-cve-2024-37085-flaw-shifts-tactics/", "creation_timestamp": "2024-08-29T09:08:13.000000Z"}, {"uuid": "25300556-b5c6-4942-89ef-c1914c8dc37a", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/HackingInsights/7893", "content": "\u200aRansomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085\n\nhttps://securityaffairs.com/166295/cyber-crime/ransomware-gangs-exploit-cve-2024-37085-vmware-esxi.html", "creation_timestamp": "2024-07-30T12:37:31.000000Z"}, {"uuid": "aeb1c82a-6485-4ba7-aba6-f962d426a945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/7884", "content": "\u200aCVE-2024-37085: VMware ESXi Vulnerability Exploited by Ransomware Gangs\n\nhttps://securityonline.info/cve-2024-37085-vmware-esxi-vulnerability-exploited-by-ransomware-gangs/", "creation_timestamp": "2024-07-30T12:37:31.000000Z"}, {"uuid": "8c8fe6a3-1adf-4fe0-b8b6-b9fa106d0aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/16411", "content": "The Hacker News\nVMware ESXi Flaw Exploited by Ransomware Groups for Admin Access\n\nA recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by \"several\" ransomware groups to gain elevated permissions and deploy file-encrypting malware.\nThe attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.\n\"A", "creation_timestamp": "2024-07-30T11:58:47.000000Z"}, {"uuid": "b08bbf7c-6d04-4c43-82c9-4d3269ed323c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2024-37085", "type": "exploited", "source": "Telegram/9FpOrb1S7mX2aiTQCTQiFBIhh0KINNHaHAEMZwqFYsdGnw", "content": "", "creation_timestamp": "2024-07-30T10:19:05.000000Z"}, {"uuid": "28da99f0-bb36-401b-bbe0-f0d345b8a743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/3179", "content": "The Hacker News\nVMware ESXi Flaw Exploited by Ransomware Groups for Admin Access\n\nA recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by \"several\" ransomware groups to gain elevated permissions and deploy file-encrypting malware.\nThe attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.\n\"A", "creation_timestamp": "2024-07-30T11:58:47.000000Z"}, {"uuid": "28924392-a32d-47f0-8c04-a97a62b9e922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/KomunitiSiber/2321", "content": "VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access\nhttps://thehackernews.com/2024/07/vmware-esxi-flaw-exploited-by.html\n\nA recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by \"several\" ransomware groups to gain elevated permissions and deploy file-encrypting malware.\nThe attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.\n\"A", "creation_timestamp": "2024-07-30T11:29:56.000000Z"}, {"uuid": "e2c2cc11-2050-4a0e-8d9c-12e397552220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/GrayHatsHack/8458", "content": "\u26a1Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085.\n\n#CyberBulletin", "creation_timestamp": "2024-08-02T14:37:46.000000Z"}, {"uuid": "64957d83-3fad-45c7-a3a6-608a5a05c07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/dilagrafie/3599", "content": "\u26a1Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085.\n\n#CyberBulletin", "creation_timestamp": "2024-08-02T14:50:27.000000Z"}, {"uuid": "4980d70a-d9b6-4df8-aff8-9a810ebac2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/GrayHatsHack/7145", "content": "\u26a1Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085.\n\n#CyberBulletin", "creation_timestamp": "2024-08-02T14:37:46.000000Z"}, {"uuid": "083c5bf9-db48-4259-980a-db5e43b68e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/MrVGunz/1230", "content": "\ud83d\udccd #\u0647\u0634\u062f\u0627\u0631_\u0627\u0645\u0646\u06cc\u062a\u06cc: \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a #VMware\n\n\u0645\u062d\u0635\u0648\u0644\u0627\u062a #VMware \u0637\u06cc \u0631\u0648\u0632\u0647\u0627\u06cc \u0627\u062e\u06cc\u0631\u060c \u0628\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0686\u0646\u062f\u06cc\u0646 
\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc \u0645\u0648\u0627\u062c\u0647 \u0634\u062f\u0647\u200c\u0627\u0646\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0628\u0647\u200c\u0648\u06cc\u0698\u0647 CVE-2024-37085\u060c \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u062f\u0648\u0631 \u0632\u062f\u0646 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc\u060c \u062d\u0645\u0644\u0627\u062a \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 (#DoS) \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f\u0647 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0645\u062c\u0627\u0632\u06cc \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f.\n\n#\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2024-37085:\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0648\u062c\u0648\u062f \u06cc\u06a9 \u06af\u0631\u0648\u0647 \u0627\u0632 \u062f\u0627\u0645\u0646\u0647\u200c\u0647\u0627\u06cc \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u062f\u06cc\u0631\u06cc\u062a\u06cc \u06a9\u0627\u0645\u0644 \u0648 \u0628\u062f\u0648\u0646 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0645\u0646\u0627\u0633\u0628\u060c \u0628\u0633\u06cc\u0627\u0631 \u062e\u0637\u0631\u0646\u0627\u06a9 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a. 
\u0627\u06cc\u0646 \u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc\u060c \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627 \u062f\u0631 \u0645\u062d\u06cc\u0637\u200c\u0647\u0627\u06cc \u0645\u062c\u0627\u0632\u06cc \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\n#\u0645\u062d\u0635\u0648\u0644\u0627\u062a_\u062a\u062d\u062a_\u062a\u0623\u062b\u06cc\u0631:\n\n- #VMware_ESXi \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 7.0 \u0648 8.0\n- #VMware_vCenter_Server \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 7.0 \u0648 8.0\n- #VMware_Cloud_Foundation \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 4.x \u0648 5.x\n\n#\u0627\u0642\u062f\u0627\u0645\u0627\u062a_\u0636\u0631\u0648\u0631\u06cc:\n\u0628\u0647\u200c\u0634\u062f\u062a \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u062a\u0645\u0627\u0645\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0648 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc VMware\u060c \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0631\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u0646\u062f. 
\u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0648 \u062f\u0627\u0646\u0644\u0648\u062f \u067e\u0686\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc\u060c \u0628\u0647 \u0644\u06cc\u0646\u06a9 \u0632\u06cc\u0631 \u0645\u0631\u0627\u062c\u0639\u0647 \u0646\u0645\u0627\u06cc\u06cc\u062f:\n\n\ud83c\udf10 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505\n\n#\u062a\u0648\u062c\u0647: \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0628\u062d\u0631\u0627\u0646\u06cc \u0628\u0648\u062f\u0646 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0647\u0631\u06af\u0648\u0646\u0647 \u062a\u0623\u062e\u06cc\u0631 \u062f\u0631 \u0627\u0639\u0645\u0627\u0644 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0639\u0648\u0627\u0642\u0628 \u062c\u0628\u0631\u0627\u0646\u200c\u0646\u0627\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0634\u0645\u0627 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20240730\n\n\n\ud83d\udccd #SecurityAlert: Critical Vulnerabilities in #VMware Products\n\nIn recent days, several serious security vulnerabilities have been identified in VMware products. 
These vulnerabilities, particularly CVE-2024-37085, allow attackers to bypass security mechanisms, perform denial-of-service attacks (#DoS), and gain full control over virtual systems.\n\nVulnerability CVE-2024-37085:\n\nThis vulnerability is extremely dangerous due to the presence of a set of default domains with full administrative access and inadequate authentication. This security flaw enables attackers to execute arbitrary code in virtual environments.\n\nAffected Products:\n\n- #VMware_ESXi versions 7.0 and 8.0\n- #VMware_vCenter_Server versions 7.0 and 8.0\n- #VMware_Cloud_Foundation versions 4.x and 5.x\n\nNecessary Actions:\n\nIt is highly recommended that all VMware system users and administrators apply the related security updates as soon as possible. For more information and to download security patches, visit the link below:\n\n\ud83c\udf10 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505\n\nNote: Due to the critical nature of these vulnerabilities, any delay in applying updates could have severe consequences for the security of your systems.\n\n\ud83d\udd17 To read the full article, visit:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20240730", "creation_timestamp": "2024-08-05T16:02:15.000000Z"}, {"uuid": "097bbc2b-8f56-4bb2-b336-112d6ce8f1eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/true_secator/6050", "content": "Shadowserver \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0431\u043e\u043b\u0435\u0435 20 000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 VMware ESXi, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 
\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044e\u0442\u0441\u044f \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2024-37085 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 6,8), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0443 ESXi.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438 Active Directory (AD) \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0445\u043e\u0441\u0442\u0443 ESXi, \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0430 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 AD \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u043f\u0443\u0442\u0435\u043c \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b AD (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u00ab\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b ESX\u00bb) \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0438\u0437 AD.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 24 \u0438\u044e\u043b\u044f, \u0430 \u043c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0434\u0435\u043b\u044e, \u043a\u0430\u043a \u043c\u044b \u0443\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438, Microsoft \u0437\u0430\u043f\u0440\u0438\u043c\u0435\u0442\u0438\u043b\u0430 \u0440\u044f\u0434 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u0433\u0440\u0443\u043f\u043f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u0431\u0430\u0433 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Microsoft, Storm-0506, Storm-1175, Octo Tempest \u0438 Manatee Tempest \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u043d\u0430\u043a\u0430\u0442\u044b\u0432\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a Akira \u0438 Black Basta.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0430\u0442\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u043b\u0438 \u0433\u0440\u0443\u043f\u043f\u0443 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 ESX \u0438 \u0434\u043e\u0431\u0430\u0432\u044f\u043b\u0438 \u0441\u0435\u0431\u044f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0447\u043b\u0435\u043d\u043e\u0432 \u0433\u0440\u0443\u043f\u043f\u044b, \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u043f\u043e\u043b\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u043e\u0432 VMware ESXi, \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0432\u0448\u0438\u0445\u0441\u044f \u043a \u0433\u0440\u0443\u043f\u043f\u0435.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b\u0430 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 
\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430\u043c ESXi, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0441\u0447\u0435\u0442\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430.\n\n\u0412 \u0441\u0440\u0435\u0434\u0443 Shadowserver Foundation \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 CVE-2024-37085 \u0432 \u0441\u0432\u043e\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 CVE \u0438 \u0447\u0442\u043e \u043f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 30 \u0438\u044e\u043b\u044f \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 20 000 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n\u0412 Shadowserver \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u0442\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b, \u043e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0438 ESXi, \u043d\u043e \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 
\u0438\u0437 \u043d\u0438\u0445 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c\u0441\u044f \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0425\u043e\u0442\u044f CVE-2024-37085 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0435\u0435 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0430\u044f\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u0435\u043b\u0430\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043d\u0435\u043e\u0442\u043b\u043e\u0436\u043d\u043e\u0439 \u0437\u0430\u0434\u0430\u0447\u0435\u0439 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.", "creation_timestamp": "2024-08-02T10:24:28.000000Z"}, {"uuid": "bcd7952c-f3ce-4dc0-9302-b443fbc6eca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/true_secator/6041", "content": "\u0412\u043a\u0440\u0430\u0442\u0446\u0435 \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0438 
\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c, \u043a\u043e\u0438\u0445 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0435 \u043c\u0430\u043b\u043e \u043d\u0430 \u043d\u0435\u0434\u0435\u043b\u0435.\n\nZoho \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0434\u0432\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u00a0\u0434\u043b\u044f \u0441\u0432\u043e\u0435\u0433\u043e \u041f\u041e ManageEngine \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0434\u0432\u0443\u0445 SQL-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Exchange Reporter Plus.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-38871 \u0438 CVE-2024-38872 (\u043e\u0431\u0435 \u0441 CVSS 8,3), \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 \u0435\u0449\u0435 \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c, \u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430.\n\n\u041c\u043d\u043e\u0433\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u044c\u043d\u0430\u044f Progress \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043c\u043d\u043e\u0433\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u044c\u043d\u043e\u0433\u043e MOVEit Transfer.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 
\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 CVE-2024-6576 \u0432 \u043c\u043e\u0434\u0443\u043b\u044c SFTP \u0438\u043c\u0435\u0435\u0442 CVSS 7.3 \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u0423\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u0439 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0442, \u043d\u043e \u0437\u043d\u0430\u044f MOVEit - \u043e\u0436\u0438\u0434\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0441\u0442\u043e\u0438\u0442.\n\nSalt Security \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435 Hotjar, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043d\u0430 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043e\u043d\u043b\u0430\u0439\u043d-\u0441\u0435\u0440\u0432\u0438\u0441\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0430\u0439\u0442\u044b \u043c\u0438\u0440\u043e\u0432\u044b\u0445 \u0431\u0440\u0435\u043d\u0434\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Adobe, Microsoft, Panasonic, Columbia, RyanAir, Decathlon, T-Mobile, Nintendo \u0438 \u0434\u0440.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CosmicSting 
Magento \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432. \n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0442\u0430\u043b\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e  \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0435\u0449\u0435 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430.\n\nCloudSEK \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c LFI \u0432 Jenkins, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u043a\u0430\u043a CVE-2024-23897, \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 Github.\n\nMicrosoft\u00a0\u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430\u00a0\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0438 0-day VMware ESXi (CVE-2024-37085) \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Akira \u0438 Black 
Basta.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f (CVE-2024-37085) \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u0430\u0441\u044c \u0432 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 ESXi Active Directory. \n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 ESXi, \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u043d\u044b\u0445 \u043a \u0434\u043e\u043c\u0435\u043d\u0443.", "creation_timestamp": "2024-07-31T15:33:16.000000Z"}, {"uuid": "069754b1-7225-478d-ac0b-e4d130b1931d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/ctinow/222548", "content": "BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085\nhttps://ift.tt/U8q2mjF", "creation_timestamp": "2024-08-28T17:19:41.000000Z"}, {"uuid": "a765785d-2c6e-4d04-a779-735de6102331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/information_security_channel/52639", "content": "Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi 
Flaw\nhttps://www.securityweek.com/microsoft-says-ransomware-gangs-exploiting-just-patched-vmware-esxi-flaw/\n\nVMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw.\nThe post Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw (https://www.securityweek.com/microsoft-says-ransomware-gangs-exploiting-just-patched-vmware-esxi-flaw/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-07-29T20:58:17.000000Z"}, {"uuid": "f0f37fba-fe1a-4d53-9e31-0fbf4f85f16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/thehackernews/5487", "content": "\ud83d\udea8 Alert: BlackByte ransomware is exploiting a recently patched VMware ESXi vulnerability (CVE-2024-37085) to escalate privileges and compromise systems. \n \nBut that's not all... they're also using vulnerable drivers to disable security measures, making this attack especially dangerous. \n \nRead: https://thehackernews.com/2024/08/blackbyte-ransomware-exploits-vmware.html \n \n \nP.S. 
If this was helpful, consider resharing \u267b\ufe0f to help others stay protected!", "creation_timestamp": "2024-08-28T12:41:22.000000Z"}, {"uuid": "654897a7-394a-4a0d-b6bf-b5750eff51b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lgsdwgjvjk2c", "content": "", "creation_timestamp": "2025-01-28T11:27:05.474647Z"}, {"uuid": "fea1eccc-6f43-4008-9e4a-db0eedaa4a57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:56.000000Z"}, {"uuid": "03951b06-e686-4fed-87fc-dd70952713ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3lw4udfrzwq23", "content": "", "creation_timestamp": "2025-08-11T13:05:10.436096Z"}, {"uuid": "b46bb366-c12e-4b10-a5bc-90fd9dbbb5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3m3afk26kyo2h", "content": "", "creation_timestamp": "2025-10-15T13:57:03.609017Z"}, {"uuid": "020e5d2f-d945-4853-99a8-3fb70321c315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:32.000000Z"}, {"uuid": "40a5569e-fc93-43da-ad86-759f7411ead2", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://vulnerability.circl.lu/comment/501e7a04-3a1e-4ac4-b24b-6ff22b0b554d", "content": "", "creation_timestamp": "2024-08-01T20:57:15.091620Z"}, {"uuid": "ef78396f-486b-4d52-ae44-fba75ea1beb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8151", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aVulnerability Scanner for CVE-2024-37085 and Exploits ( For Educational Purpose only)\nURL\uff1ahttps://github.com/mahmutaymahmutay/CVE-2024-37085\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-02T13:47:53.000000Z"}, {"uuid": "fc0d8572-00b2-4d93-a87f-a650d5904857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/ptescalator/274", "content": "Net group \"babyk\" /add\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u0438\u0437 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0444\u0430\u043a\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-37085. 
\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u043e\u043c VMware ESXi, \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u043d\u044b\u043c \u043a \u0434\u043e\u043c\u0435\u043d\u0443 \ud83d\ude20\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0435 \u0432 \u0433\u0440\u0443\u043f\u043f\u0443 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c ESX Admins, \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0438\u043c\u0435\u044e\u0442 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0443. 
\u042d\u0442\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0434\u043e\u043c\u0435\u043d\u0435 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u044c\u044e, \u0438\u043c\u0435\u044e\u0449\u0435\u0439 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043d\u0435\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u270f\ufe0f \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-37085 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Microsoft \u0432 \u0438\u044e\u043b\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0441\u0442\u0430\u0442\u044c\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a\u043e\u0432 Akira \u0438 Black Basta. 
\u0412 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u043e\u0442\u0447\u0435\u0442\u0430\u0445 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0435\u0442.\n\n\ud83d\udc64 \u0412 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u043e\u043c \u043d\u0430\u043c\u0438 \u0441\u043b\u0443\u0447\u0430\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443 \u0434\u043e\u043c\u0435\u043d\u0430 \u0438 \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0441 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438. 
\u041f\u043e\u0441\u043b\u0435 \u043e\u043d\u0438 \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u0433\u0440\u0443\u043f\u043f\u0443 ESX Admins \u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u0432 \u043d\u0435\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b:\n\nnet group \"ESX Admins\" /add /domain\nnet group \"ESX Admins\" superuser /add /do\n\n\n\u041e\u0442 \u0438\u043c\u0435\u043d\u0438 \u044d\u0442\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u0438 \u0432\u043e\u0448\u043b\u0438 \u043d\u0430 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440 \u0438 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u0438 \u0444\u0430\u0439\u043b\u044b \u0438 \u0434\u0438\u0441\u043a\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u0441 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435\u043c Babyk.\n\n\u0412 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2024-37085 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043c\u043e\u0447\u044c \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430 Security:\n\n\u2022 4727 \u2014 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Active Directory \u0441 \u0438\u043c\u0435\u043d\u0435\u043c ESX Admins;\n\u2022 4737 \u2014 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Active Directory (\u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u0432 ESX Admins);\n\u2022 4728 \u2014 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432 \u0433\u0440\u0443\u043f\u043f\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Active Directory \u0441 \u0438\u043c\u0435\u043d\u0435\u043c ESX Admins.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f VMware ESXi.\n\n#dfir #cve #detect #win\n@ptescalator", "creation_timestamp": "2025-03-04T12:58:41.000000Z"}, {"uuid": "492f4cd2-8e8c-4c6e-b602-805a9fbbb89c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "Telegram/v546fKl79y1sfcdaU9NpE9FOqkGwS4h43wi_wda2uiJjmw", "content": "", "creation_timestamp": "2024-07-30T11:59:02.000000Z"}, {"uuid": "7b924aca-d121-4848-bcf8-d0acc0a1c5e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/CNArsenal/2931", "content": 
"https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/#mitigation-and-protection-guidance\n\nRansomware operators exploit ESXi hypervisor vulnerability for mass encryption\n\nhttps://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-37085.yaml\n#github #exploit #\u5206\u6790", "creation_timestamp": "2024-07-31T18:10:20.000000Z"}, {"uuid": "e50b2aab-e096-43d1-9aa6-a90d6a7f1cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/aimainainnu.bsky.social/post/3lidhjs3ps22s", "content": "", "creation_timestamp": "2025-02-17T00:12:06.601659Z"}, {"uuid": "8a0abc83-21e8-4da3-b393-f89a9d60a550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lv7ljgdcb22e", "content": "", "creation_timestamp": "2025-07-30T21:40:15.502467Z"}, {"uuid": "bab2d1b5-8f40-4009-be39-70dc2a6683c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://www.cert.at/de/warnungen/2024/7/kritische-sicherheitslucke-in-vmware-esxi-aktiv-ausgenutzt-update-verfugbar", "content": "", "creation_timestamp": "2024-07-30T08:10:29.000000Z"}, {"uuid": "66c37010-8e3c-4f9a-b923-96cf79d05090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3lwzfffh7vl25", "content": "", "creation_timestamp": "2025-08-22T21:25:03.030646Z"}, {"uuid": "76f86120-b023-401e-b999-d57e128f7f59", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3m23gjdlis42q", "content": "", "creation_timestamp": "2025-09-30T21:06:03.924242Z"}, {"uuid": "230e8879-c57e-4ba0-8152-0113a5bc3831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3ly3pzzfqcn2s", "content": "", "creation_timestamp": "2025-09-05T13:06:03.260524Z"}, {"uuid": "b87a3c42-6a9a-4007-8075-08355bff7de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1319", "content": "", "creation_timestamp": "2024-06-28T04:00:00.000000Z"}, {"uuid": "5ee7aaad-ca65-405a-a19c-335f5d4b42b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/08dccffe-9ce0-49c5-b0df-5c1b2f91d794", "content": "", "creation_timestamp": "2026-02-02T12:26:32.529442Z"}, {"uuid": "0626af7d-530b-40bb-bbe4-3e33a8a4c66e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8248", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-37085 unauthenticated shell upload to full administrator on domain-joined esxi 
hypervisors.\nURL\uff1ahttps://github.com/WTN-arny/Vmware-ESXI\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-12T17:48:42.000000Z"}, {"uuid": "10d3966a-88ad-4991-a1e1-c90fb2791379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "Telegram/h1D9PfwREVtrT2yeF8KxwAs_vnX1LlWg5byKhpIexuZjzT0", "content": "", "creation_timestamp": "2024-07-31T19:11:54.000000Z"}, {"uuid": "1a13bba9-cc2d-4b9a-82b3-e8c4235fb6f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/Kelvinseccommunity/662", "content": "#hardening\n#Blue_Team_Techniques\nESXi Security-hardening:\nchange the default \"ESX Admins\" AD group\nhttps://mosnotes.com/2018/12/05/esxi-security-hardening-change-the-default-esx-admins-ad-group\n]-&gt; CVE-2024-37085: https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/#mitigation-and-protection-guidance\n]-&gt; https://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-37085.yaml", "creation_timestamp": "2024-07-31T12:00:33.000000Z"}, {"uuid": "0980ff58-4ddb-4fa9-8d4b-b17e50fc208e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/15163", "content": "https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/#mitigation-and-protection-guidance\n\nRansomware operators exploit ESXi hypervisor vulnerability for mass encryption\n\nhttps://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-37085.yaml\n#github #exploit 
#\u5206\u6790", "creation_timestamp": "2024-07-31T23:37:52.000000Z"}, {"uuid": "af02b7db-a7bb-4ffd-b224-36dd3f56e4cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/ctinow/221181", "content": "Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085\nhttps://ift.tt/fWIZTG8", "creation_timestamp": "2024-08-01T22:59:55.000000Z"}, {"uuid": "86d6f837-9bf6-49a7-9869-411244645a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://t.me/ctinow/220983", "content": "Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085\nhttps://ift.tt/hmqjCFg", "creation_timestamp": "2024-07-30T00:00:05.000000Z"}, {"uuid": "0efd4528-64e4-44de-ad0e-accd0bc5438f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10908", "content": "#hardening\n#Blue_Team_Techniques\nESXi Security-hardening:\nchange the default \"ESX Admins\" AD group\nhttps://mosnotes.com/2018/12/05/esxi-security-hardening-change-the-default-esx-admins-ad-group\n]-> CVE-2024-37085: https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/#mitigation-and-protection-guidance\n]-> https://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-37085.yaml", "creation_timestamp": "2024-07-31T13:28:44.000000Z"}, {"uuid": "87b423df-c3c8-4cb1-a9e7-fea80c2b2ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": 
"published-proof-of-concept", "source": "https://t.me/Rootsec_2/3516", "content": "#hardening\n#Blue_Team_Techniques\nESXi Security-hardening:\nchange the default \"ESX Admins\" AD group\nhttps://mosnotes.com/2018/12/05/esxi-security-hardening-change-the-default-esx-admins-ad-group\n]-&gt; CVE-2024-37085: https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/#mitigation-and-protection-guidance\n]-&gt; https://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-37085.yaml", "creation_timestamp": "2024-08-16T11:18:08.000000Z"}, {"uuid": "fe957865-aa4e-43ee-a9e3-21d6d0d7bab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-07-30T18:10:02.000000Z"}, {"uuid": "68f2b980-84f7-4e6e-adda-107ce198d8c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3lkre3zpwzo2t", "content": "", "creation_timestamp": "2025-03-19T23:38:17.724257Z"}, {"uuid": "33df7441-796f-4a4d-97ff-eacf83160e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lunfgbbb3q26", "content": "", "creation_timestamp": "2025-07-23T16:03:12.086188Z"}, {"uuid": "290dfd38-9572-4240-b4d6-7ad0c0f9b07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": 
"https://bsky.app/profile/redteamnews.bsky.social/post/3luxf4se5ft2p", "content": "", "creation_timestamp": "2025-07-27T15:24:32.191711Z"}, {"uuid": "e2170994-501e-4c89-846b-28c60ea5237d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3lz2qzccvcy2u", "content": "", "creation_timestamp": "2025-09-17T21:16:05.110698Z"}, {"uuid": "16ef095a-5e50-4582-a68e-af0ba9a26753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3m2mzrqk2uz2q", "content": "", "creation_timestamp": "2025-10-07T21:06:02.982431Z"}, {"uuid": "ede7cbe2-f12a-46d7-98d4-bc77c1e5ad9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3lylniiglj62i", "content": "", "creation_timestamp": "2025-09-11T21:03:03.843689Z"}, {"uuid": "e620da98-83f6-4b97-b4ee-dc1b45dac57e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/08dccffe-9ce0-49c5-b0df-5c1b2f91d794", "content": "", "creation_timestamp": "2026-02-02T12:26:32.529442Z"}, {"uuid": "897f421d-c4c7-43e7-8439-12a9977ea143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-37085", "type": "seen", "source": "https://www.acn.gov.it/portale/w/akira-campagne-di-sfruttamento-sistematico-di-vulnerabilita-perimetrali-e-accessi-vpn", "content": 
"", "creation_timestamp": "2026-04-13T03:29:00.000000Z"}, {"uuid": "3838430f-6cff-4cae-b1d0-1522320443eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "exploited", "source": "https://t.me/HackingInsights/7955", "content": "Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085\nhttps://ift.tt/hmqjCFg", "creation_timestamp": "2024-07-30T12:38:01.000000Z"}, {"uuid": "d40cfba1-a7cc-4ece-baeb-e46c64b0fe79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37085", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1607", "content": "https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/#mitigation-and-protection-guidance\n\nRansomware operators exploit ESXi hypervisor vulnerability for mass encryption\n\nhttps://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-37085.yaml\n#github #exploit #\u5206\u6790", "creation_timestamp": "2024-07-31T23:37:52.000000Z"}]}