Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns

May 14, 2024, 6:30 p.m.

Description

A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ransomware, using techniques similar to those of the PureCrypter ransomware.

Date

Published: May 14, 2024, 6:03 p.m.
Created: May 14, 2024, 6:03 p.m.
Modified: May 14, 2024, 6:30 p.m.

Indicators

Attack Patterns

Xollam

Mallox

Trigona

T1110

T1497

T1114

T1127

T1486

T1559

T1547

T1057

T1036

T1033

T1560

T1562

T1090

T1068

T1059

Additional Information

Retail

Technology

Manufacturing

Qatar

Australia

Canada

Germany

Kazakhstan

United Kingdom of Great Britain and Northern Ireland

Ukraine

United States of America

Russian Federation