![\"\"](\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/06\/image-21.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/06\/image-22.png\")
<\/figure>\n\n\n\n1. Leverages “esxcli” CLI component to kill VMs via world id<\/p>\n\n\n\n
2. affiliate “sub”:”7864″ | usual struct<\/p>\n\n\n\n
3. GCC: (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4<\/p>\n\n\n\n
\u53e6\u5916AT &T Alien Labs\u6280\u8853\u7e3d\u76e3Jaime Blasco\uff0c\u4e5f\u5206\u4eab\u4e86Linux \u7248\u7684REvil\u52d2\u7d22\u8edf\u9ad4\u7684\u60e1\u610f\u7a0b\u5f0f\u7279\u5fb5\u898f\u5247YARA RULE\u8207Hash\u503c:<\/p>\n\n\n\n FileHash-MD5 ab3229656f73505a3c53f7d2e95efd0e<\/p>\n\n\n\n FileHash-MD5 e199f02ffcf1b1769c8aeb580f627267<\/p>\n\n\n\n FileHash-MD5 96a157e4c0bef22e0cea1299f88d4745<\/p>\n\n\n\n FileHash-MD5 395249d3e6dae1caff6b5b2e1f75bacd<\/p>\n\n\n\n FileHash-SHA256 3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d<\/p>\n\n\n\n FileHash-SHA256 796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4<\/p>\n\n\n\n FileHash-SHA256 d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763<\/p>\n\n\n\n FileHash-SHA256 ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4<\/p>\n\n\n\n FileHash-SHA1 446771415864f4916df33aad1aa7e42fa104adee<\/p>\n\n\n\n FileHash-SHA1 45404b862e70a7a1b4db6c73d374b8ac19ddf772<\/p>\n\n\n\n FileHash-SHA1 9586ebc83a1b6949e08820b46faf72ee5b132bca<\/p>\n\n\n\n FileHash-SHA1 29f16c046a344e0d0adfea80d5d7958d6b6b8cfa<\/p>\n\n\n\n \u770b\u66f4\u591aLinux\u7248REvil\u52d2\u7d22\u8edf\u9ad4\u7684\u60c5\u8cc7: REvil ransomware Linux version<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" \u96a8\u8457\u4f01\u696d\u8f49\u5411\u865b\u64ec\u6a5f\u4ee5\u4fbf\u66f4\u8f15\u9b06\u5730\u9032\u884c\u5099\u4efd\u3001\u8a2d\u5099\u7ba1\u7406\u548c\u6709\u6548\u5229\u7528\u8cc7\u6e90\uff0c\u540c\u6642\u4e5f\u6709\u8d8a\u4f86\u8d8a\u591a\u7684\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u5efa\u7acb\u81ea\u5df1\u7684\u5de5\u5177\u4f86 READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[100,112],"class_list":["post-1191","post","type-post","status-publish","format-standard","hentry","category-6","tag-revilransomware","tag-112"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1191"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1191\/revisions"}],"predecessor-version":[{"id":1195,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1191\/revisions\/1195"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/06\/image-23.png\")
<\/figure>\n\n\n\n