"FileKey6=%LocalAppData%\VMware|*.log" (Indicator: "vmware")
"FileKey4=%CommonAppData%\VMware\VMware vCenter Converter Standalone|*.log *.gz *.zip|RECURSE" (Indicator: "vmware")
"FileKey3=%CommonAppData%\VMware\logs|*.log|RECURSE" (Indicator: "vmware")
"FileKey2=%CommonAppData%\VMware\Installer|*.*|REMOVESELF" (Indicator: "vmware")
"FileKey1=%CommonAppData%\VMware\hostd|*.log *.gz|RECURSE" (Indicator: "vmware")
"Detect=HKLM\Software\VMware, Inc.\VMware Workstation" (Indicator: "vmware")
"FileKey2=%LocalAppData%\VMware|*.log" (Indicator: "vmware")
"Detect=HKLM\Software\VMware, Inc.\VMware Player" (Indicator: "vmware")
"FileKey2=%UserProfile%\VirtualBox VMs\*\Logs|*.log *.log.*" (Indicator: "virtualbox")
"FileKey1=%UserProfile%\.VirtualBox|VBoxSVC.log.* VBoxSVC.* *.log *.log.*" (Indicator: "virtualbox")
"FileKey1=%UserProfile%\.VirtualBox|VBoxSVC.log.* VBoxSVC.* *.log *.log.*" (Indicator: "vbox")
"DetectFile=%UserProfile%\.VirtualBox" (Indicator: "virtualbox")
"FileKey2=%UserProfile%\VirtualBox VMs\*|genymotion-player*.log logcat*.txt" (Indicator: "virtualbox")
Found malicious artifacts related to "104.28.1.54".