Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)

May 2, 2024, 2:18 p.m.

Description

The report analyzes recent attacks by the TargetCompany ransomware group targeting poorly managed MS-SQL servers. The group initially installs Remcos RAT and a remote screen control malware for reconnaissance and lateral movement. Subsequently, the Mallox ransomware is deployed to encrypt the infected systems. The attacks are believed to be connected to previous campaigns involving the Tor2Mine CoinMiner and BlueSky ransomware.

Date

Published: May 2, 2024, 2:07 p.m.
Created: May 2, 2024, 2:07 p.m.
Modified: May 2, 2024, 2:18 p.m.

Indicators

7c10256d9358d4cadb96b8160651172b6ac9a4bf898868823f7c76bf33cb823e

91.215.85.142

80.66.75.238

5.188.86.237

42.193.223.169

Attack Patterns

Tor2Mine

BlueSky

Mallox

Remcos

TargetCompany

T1490

T1567

T1489

T1486

T1547

T1105

T1083

T1562

T1059