{
	"id": "f02d42a3-6b77-4214-b416-5c503786fb33",
	"created_at": "2026-04-06T03:37:01.147377Z",
	"updated_at": "2026-04-10T03:31:13.711267Z",
	"deleted_at": null,
	"sha1_hash": "01552296aeac22c9ad187040472850ac31c84fa6",
	"title": "LOLESXi",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 33943,
	"plain_text": "LOLESXi\r\nArchived: 2026-04-06 03:11:13 UTC\r\nLiving Off The Land ESXi\r\nLOLESXi features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries\r\nhave utilised in their operations. The information on this site is compiled from open-source threat research.\r\nThis project is a collaborative project created by Janantha Marasinghe. Special thanks to Wietze Beukema for his\r\ncontributions and the LOLBAS project for the theme. If you would like to contribute, check out our contribution\r\nguide. More information on programmatically accesssing this project can be found on the API page.\r\nMITRE ATT\u0026CK® and ATT\u0026CK® are registered trademarks of The MITRE Corporation. You can see the\r\ncurrent ATT\u0026CK® mapping of this project on the ATT\u0026CK® Navigator.\r\nIf you are looking for UNIX binaries, please visit gtfobins.github.io.\r\nIf you are looking for drivers, please visit loldrivers.io.\r\nIf you are looking for Windows Binaries, Scripts and Libraries please visit lolbas-project.github.io.\r\nUseful Resources\r\nMike L's ESXi IR Guide\r\nAlbino Gazelle's ESXi Testing Toolkit\r\nIcon Credit : Robot icons created by juicy_fish - Flaticon\r\nSource: https://lolesxi-project.github.io/LOLESXi/\r\nhttps://lolesxi-project.github.io/LOLESXi/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://lolesxi-project.github.io/LOLESXi/"
	],
	"report_names": [
		"LOLESXi"
	],
	"threat_actors": [
		{
			"id": "f4f16213-7a22-4527-aecb-b964c64c2c46",
			"created_at": "2024-06-19T02:03:08.090932Z",
			"updated_at": "2026-04-10T02:00:03.6289Z",
			"deleted_at": null,
			"main_name": "GOLD NIAGARA",
			"aliases": [
				"Calcium ",
				"Carbanak",
				"Carbon Spider ",
				"FIN7 ",
				"Navigator ",
				"Sangria Tempest ",
				"TelePort Crew "
			],
			"source_name": "Secureworks:GOLD NIAGARA",
			"tools": [
				"Bateleur",
				"Carbanak",
				"Cobalt Strike",
				"DICELOADER",
				"DRIFTPIN",
				"GGLDR",
				"GRIFFON",
				"JSSLoader",
				"Meterpreter",
				"OFFTRACK",
				"PILLOWMINT",
				"POWERTRASH",
				"SUPERSOFT",
				"TAKEOUT",
				"TinyMet"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775446621,
	"ts_updated_at": 1775791873,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/01552296aeac22c9ad187040472850ac31c84fa6.pdf",
		"text": "https://archive.orkl.eu/01552296aeac22c9ad187040472850ac31c84fa6.txt",
		"img": "https://archive.orkl.eu/01552296aeac22c9ad187040472850ac31c84fa6.jpg"
	}
}