critical
threat
Payouts King Ransomware Abusing QEMU VMs for Defense Evasion
2 rules, 8 TTPs, 1 CVE, 1 IOC
The Payouts King ransomware uses QEMU virtual machines as a reverse-SSH backdoor: payloads execute and malicious files are staged inside the guest, and a covert remote-access tunnel is opened from it, so the activity stays outside what endpoint security on the host can inspect.
GOLD ENCOUNTER
Tags: payouts-king, ransomware, qemu, vm, defense-evasion
critical
threat
QEMU Hypervisor Escape via virtio-snd 0-Day
2 rules, 2 TTPs
An unpatched, uncontrolled heap overflow in QEMU's virtio-snd (virtio sound device) emulation allows a malicious guest to escape the hypervisor onto the host.
Tags: virtualization, hypervisor, qemu, virtio-snd, heap overflow, hypervisor escape
high
advisory
Suspicious QEMU Execution on Windows
2 rules, 2 TTPs
Detects QEMU being launched on a Windows host with the -nographic flag and a disk image file, the pattern used to install a rogue, headless Linux virtual machine for initial access and persistence.
Platforms: Splunk Enterprise +3
Tags: qemu, virtualization, persistence, linux, windows
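The detection logic described in that advisory, written out as an added example (not one of the listed rules and not Splunk SPL): a Python check run over constructed Sysmon Event ID 1-style process-creation records. The QEMU executable names it matches, the image-file extensions it looks for, and the sample events are all assumptions made for the example.

```python
"""Added example: flag QEMU launched headless (-nographic) with a disk image on
a Windows host, run over constructed Sysmon Event ID 1-style records.
Not one of the listed rules; executable names, extensions and events are assumptions."""
import re
from dataclasses import dataclass

# Image extensions a dropped, prebuilt Linux guest is typically booted from (assumption).
IMAGE_EXTS = (".qcow2", ".img", ".raw", ".vmdk", ".vdi", ".iso")

# qemu.exe or qemu-system-<arch>.exe as the last path component of the Image field.
QEMU_EXE = re.compile(r"(?:^|[\\/])qemu(?:-system-[a-z0-9_]+)?\.exe$", re.IGNORECASE)

# Tokenises a Windows command line, keeping double-quoted runs (paths with spaces) whole.
TOKEN = re.compile(r'"[^"]*"|\S+')


@dataclass
class Detection:
    pid: int
    image: str       # host executable that was launched
    image_file: str  # disk image handed to QEMU


def _image_files(tokens):
    """Yield image paths from tokens such as 'disk.img', 'file=disk.img,format=raw'
    (the -drive syntax) or a double-quoted absolute path."""
    for tok in tokens:
        for piece in tok.strip('"').split(","):
            value = piece.rsplit("=", 1)[-1]  # file=disk.img -> disk.img
            if value.lower().endswith(IMAGE_EXTS):
                yield value


def is_suspicious_qemu(event):
    """Return the disk image if the event is QEMU run with -nographic and an image, else None."""
    if not QEMU_EXE.search(event["Image"]):
        return None
    tokens = TOKEN.findall(event["CommandLine"])
    if "-nographic" not in tokens:
        return None
    return next(_image_files(tokens[1:]), None)  # tokens[0] is the executable itself


def scan(events):
    """Apply the rule to a list of process-creation events and return the hits."""
    hits = []
    for ev in events:
        img = is_suspicious_qemu(ev)
        if img:
            hits.append(Detection(ev["ProcessId"], ev["Image"], img))
    return hits


# Constructed sample records (not real telemetry): only the Sysmon Event ID 1 fields used.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Users\Public\qemu\qemu-system-x86_64.exe",
     "CommandLine": "qemu-system-x86_64.exe -m 256M -drive file=disk.img,format=raw -nographic"},
    {"ProcessId": 8044, "Image": r"C:\Users\Public\qemu\qemu-system-x86_64.exe",
     "CommandLine": r'"C:\Users\Public\qemu\qemu-system-x86_64.exe" -m 200M "C:\Users\Public\qemu\rootfs.qcow2" -nographic'},
    {"ProcessId": 5012, "Image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
     "CommandLine": r'"C:\Program Files\qemu\qemu-system-x86_64.exe" -m 2048 -hda "C:\VMs\dev box.qcow2" -display gtk'},
    {"ProcessId": 6200, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo -nographic test.img"},
    {"ProcessId": 7311, "Image": r"C:\tools\qemu\qemu-system-aarch64.exe",
     "CommandLine": 'qemu-system-aarch64.exe -M virt -nographic -kernel vmlinuz -append "console=ttyAMA0"'},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"pid={hit.pid} image={hit.image} disk={hit.image_file}")
```

Only the first two sample events fire: the GUI-backed developer VM has no -nographic, the cmd.exe line is not QEMU, and the last event boots a kernel and initrd with no disk image, which is exactly what a rule keyed on "flag plus image file" misses. On developer workstations legitimate headless QEMU use will also match, so baseline the qemu-system-* install paths per host, and consider a second, lower-severity rule on -nographic alone that carries the launch path and parent process as context.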