Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Mallox ransomware: in-depth analysis and evolution

Sept. 4, 2024, 6:49 p.m.

Description

Mallox is a sophisticated ransomware family that emerged in 2021 and has since evolved into a Ransomware-as-a-Service (RaaS) operation. Initially targeting specific companies, it transitioned to a more generic approach, likely as part of its RaaS model. The malware employs complex encryption schemes, including elliptic-curve cryptography and ChaCha20, which have been modified over time to address vulnerabilities. Mallox targets various countries, with Brazil, Vietnam, and China being the most affected. The RaaS operates on a profit-sharing model, offering up to 80% to affiliates with access to large networks. The group actively maintains a data leak site and negotiation portal on the dark web, and uses social media to publicize their activities and attract new affiliates.

Date

Published: Sept. 4, 2024, 4:31 p.m.

Created: Sept. 4, 2024, 4:31 p.m.

Modified: Sept. 4, 2024, 6:49 p.m.

Indicators

df64e87ecb30f4cadf54f2c1b3d3cba8cc2d315db0fd4af2d11add57baa56f6a

db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe

c4ff97dfb8e0523cc97b6e2987f71e678f1aea05f65ec934e292bb7f0ecc985e

e92f5d73a8cb1aa132602d3f35f2c2005deba64df99dcfff4e2219819ab3fffd

0427a9f68d2385f7d5ba9e9c8e5c7f1b6e829868ef0a8bc89b2f6dae2f2020c4

f7e8a0eac54dd040e2609546fca263f2c2753802ff57e7c62d5e9ccfa04bdb1a

91.215.85.142

Attack Patterns

Remcos RAT

Mallox

Mallox

T1568

T1567.002

T1490

T1059.001

T1567

T1012

T1071.001

T1562.001

T1573

T1491

T1489

T1486

T1082

T1083

T1055

T1132

T1027

Additional Informations

Technology

Healthcare

Energy

Finance

Telecommunications

Manufacturing

Australia

China

Canada

Germany

Brazil