Eldorado is a ransomware family identified in 2024 as part of the continuing trend of ransomware operations developing Linux-based lockers to target VMware ESXi environments. The provided content places Eldorado alongside Play and SEXi as newer families in this trend, and specifically states that groups like Eldorado have developed Linux lockers for attacks against VMware ESXi hypervisors. Based on the content, its notable capability is encryption of Linux/ESXi environments, particularly virtualized infrastructure. No specific infection vector, threat actor attribution, victim industry focus, or indicators of compromise are directly provided for Eldorado beyond its association with ESXi-focused ransomware activity.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
6 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.
IPs, domains, and DNS infrastructure linked to this family.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Ransomware operation noted for Linux lockers tailored to VMware ESXi, encrypting VM files and disrupting operations by disabling active VMs.
Ransomware family referenced as part of 2024-era groups continuing ESXi/hypervisor targeting trends.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.