Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns

May 14, 2024, 6:30 p.m.

Description

A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ransomware, using techniques similar to those of the PureCrypter ransomware.

Date

  • Created: May 14, 2024, 6:03 p.m.
  • Published: May 14, 2024, 6:03 p.m.
  • Modified: May 14, 2024, 6:30 p.m.

Indicators


Attack Patterns

Additional Information

  • Retail
  • Technology
  • Manufacturing
  • Qatar
  • Australia
  • Canada
  • Germany
  • Kazakhstan
  • United Kingdom of Great Britain and Northern Ireland
  • Ukraine
  • United States of America
  • Russian Federation