Tag

Vm

3 briefs RSS

Azure VM Managed Run Command Abuse for Execution and Persistence

Adversaries can abuse the Azure VM Managed Run Command feature (MICROSOFT.COMPUTE/VIRTUALMACHINES/RUNCOMMANDS/WRITE) to achieve code execution as System or root and establish persistence on Azure Virtual Machines or Virtual Machine Scale Sets by an unusual identity, potentially evading detections focused solely on action-based Run Commands.

Azure Virtual Machines +2 cloud azure execution persistence defense-evasion vm iac

2r 1t 1d ago

medium threat

Azure VM Serial Console Exploitation for Lateral Movement

3 rules 2 TTPs

Adversaries with privileged Azure RBAC roles are exploiting the Azure VM Serial Console to gain SYSTEM/root access on virtual machines, bypassing network controls like NSGs and JIT policies, with detections focusing on unusual user and source network combinations.

Azure Virtual Machine +1 cloud azure lateral-movement defense-evasion initial-access vm

3r 2t 2d ago

critical threat

Payouts King Ransomware Abusing QEMU VMs for Defense Evasion

2 rules 8 TTPs 1 CVE 1 IOC

The Payouts King ransomware is leveraging QEMU VMs as a reverse SSH backdoor to execute payloads, store malicious files, and establish covert remote access tunnels, bypassing endpoint security measures.

GOLD ENCOUNTER payouts-king ransomware qemu vm defense-evasion

2r 8t 1c 1i Apr 18, 2026