Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
May 2, 2024, 2:18 p.m.
Description
The report analyzes recent attacks by the TargetCompany ransomware group targeting poorly managed MS-SQL servers. The group initially installs Remcos RAT and remote screen control malware for reconnaissance and lateral movement. Subsequently, the Mallox ransomware is deployed to encrypt the infected systems. The attacks are believed to be connected to previous campaigns involving the Tor2Mine CoinMiner and BlueSky ransomware.
Date
Published: May 2, 2024, 2:07 p.m.
Created: May 2, 2024, 2:07 p.m.
Modified: May 2, 2024, 2:18 p.m.
Indicators
Attack Patterns
Tor2Mine
BlueSky
Mallox
Remcos
TargetCompany
T1490
T1567
T1489
T1486
T1547
T1105
T1083
T1562
T1059