ESXi Apocalypse – reference links

Ongoing reference about the ESXi “massive” attack.

Here is a list of useful IoCs, scripts and other things for the “massive shame”.

I will not write blabla about what happened and is happening; this is meant to be an ongoing reference article for researchers. I am adding all the recent IoCs about VMware and related malware. Beware! The massive attack is probably an in-the-wild thing and totally new, so be careful stating “it is about CVE-2021-XXX” (I suppose you have already patched that shit!).
I will also include here results from our ESXi honeypot.

IoC

https://otx.alienvault.com/pulse/63d0b7316d2d0687affe1630

https://otx.alienvault.com/pulse/63deacc00866255866330429

https://otx.alienvault.com/pulse/63997389ec56624102d39e65

https://otx.alienvault.com/pulse/63939dfcb68dba0721d9eb80

https://otx.alienvault.com/pulse/63997004e8142e99771a75c3

https://otx.alienvault.com/pulse/6362a673f9a6a564a602bd67

https://github.com/fastfire/IoC_Attack_ESXi_Feb_2023

https://github.com/soufianetahiri/ESXi_ransomware_bitcoinWallets

https://otx.alienvault.com/pulse/614e0dc583aa90bf2dd4ec91

Perpetual Scanners
shodan.io
zoomeye.org
censys.io

Scripts
https://github.com/psychomad/esxiMon
https://github.com/cisagov/ESXiArgs-Recover
https://github.com/marklindsey11/ESXiArgs-POC-EXPLOIT-CODE
https://github.com/merlinepedra/ESXiArgs-Recover
https://github.com/olafkewl/esxiargs-recover
https://github.com/sqrtZeroKnowledge/EsxiArgs_Ransomware
https://github.com/merlinepedra25/ESXiArgs-Recover


Research
https://www.giac.org/paper/gcfa/116/analysis-compromised-honeypot-vmware-linux73/105650

Remediation
https://enes.dev/