Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)

May 2, 2024, 2:18 p.m.

Description

The report analyzes recent attacks by the TargetCompany ransomware group against poorly managed MS-SQL servers. The group first installs Remcos RAT and remote screen-control malware for reconnaissance and lateral movement, then deploys the Mallox ransomware to encrypt the infected systems. The attacks are believed to be connected to earlier campaigns involving the Tor2Mine CoinMiner and BlueSky ransomware.

Date

  • Created: May 2, 2024, 2:07 p.m.
  • Published: May 2, 2024, 2:07 p.m.
  • Modified: May 2, 2024, 2:18 p.m.

Indicators

  • 7c10256d9358d4cadb96b8160651172b6ac9a4bf898868823f7c76bf33cb823e
  • 91.215.85.142
  • 80.66.75.238
  • 5.188.86.237
  • 42.193.223.169

Attack Patterns

  • Tor2Mine
  • BlueSky
  • Mallox
  • Remcos
  • TargetCompany
  • T1490
  • T1567
  • T1489
  • T1486
  • T1547
  • T1105
  • T1083
  • T1562
  • T1059