.. /pkill

Terminate Process

Forcefully terminates processes by performing a full or partial match based on the process name. It is commonly exploited by adversaries to abruptly stop running Virtual Machine (VM) executable processes. This is usually performed prior to ransomware deployment.


Paths:

Resources:
Acknowledgements:

Atomic Tests:

Terminate Process

  1. Terminates all processes whose names start with the vmx- prefix.

    pkill -9 %s

    Use case: Forceful termination of Virtual Machines
    Privileges required: Administrator
    Operating systems: ESXi
    Additional Procedural Examples:
    • pkill -9 vmx-*
    ATT&CK® technique: T1489

    Tags:
    E-Crime: Revil (aka Sodinokibi), a Russian-based cybercriminal group that operates a RaaS model
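
A defender-side check for the command documented above, as an added example that is not part of the original entry: it scans ESXi shell command log lines for forced pkill invocations aimed at vmx processes. The log line layout, the constructed sample lines and the function name find_vm_pkill are assumptions, and the check goes slightly beyond the page's -9 by also matching the named SIGKILL forms.

```python
import re
import shlex

# Assumed shell-log layout: "<timestamp> shell[<pid>]: [<user>]: <command>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.+)$"
)
# -9 is the form shown on the page; the named forms are equivalent SIGKILL spellings.
KILL_FLAGS = {"-9", "-KILL", "-SIGKILL"}

# Constructed sample lines (not taken from a real host).
SAMPLE_LOG = [
    "2024-01-10T02:14:07Z shell[2101234]: [root]: esxcli vm process list",
    "2024-01-10T02:14:31Z shell[2101234]: [root]: pkill -9 vmx-*",
    "2024-01-10T02:15:02Z shell[2101234]: [root]: cd /tmp; /bin/pkill -KILL vmx",
    "2024-01-10T02:16:40Z shell[2101234]: [root]: pkill hostd-probe",
    "2024-01-10T02:17:11Z shell[2101234]: [root]: echo pkill -9 vmx-*",
]


def find_vm_pkill(lines):
    """Return (timestamp, user, command) for forced pkill calls aimed at vmx processes."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a shell command record
        # One logged line may chain several commands; inspect each segment.
        for segment in re.split(r"[;&|]+", m["cmd"]):
            try:
                argv = shlex.split(segment)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                argv = segment.split()
            # Only flag pkill when it is the command itself, with or without a path.
            if not argv or argv[0].rsplit("/", 1)[-1] != "pkill":
                continue
            args = argv[1:]
            forced = any(a in KILL_FLAGS for a in args)
            targets = [a for a in args if not a.startswith("-")]
            if forced and any(t.lower().startswith("vmx") for t in targets):
                hits.append((m["ts"], m["user"], segment.strip()))
    return hits


if __name__ == "__main__":
    for ts, user, cmd in find_vm_pkill(SAMPLE_LOG):
        print(f"{ts} user={user} forced VM process kill: {cmd}")
```

The echo line and the unforced pkill of an unrelated process are deliberately left unflagged, which keeps the rule tied to the T1489 behaviour described in this entry.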