BlackMould

Malware Profile Updated 3 months ago
BlackMould is a native web shell observed in use by GALLIUM, a China-aligned intrusion group. It is derived from the China Chopper web shell and is tailored for servers running Microsoft IIS; the malware was identified and named by Microsoft.

Like other malware, it is designed to compromise and damage computer systems, often reaching them through suspicious downloads, e-mails or websites without the user's knowledge. Its primary function is to target network devices, including routers, Internet-exposed servers and edge devices, by leveraging vulnerabilities in those systems, often zero-day vulnerabilities: previously unknown flaws in software that can be exploited before the software's creators discover and fix them. By exploiting such flaws, BlackMould can infiltrate a system and take control of it.

Once inside, BlackMould can perform various tasks on the victim host. Its specific functionality was not detailed in the available information, but typical malware actions include stealing personal information, disrupting operations, or holding data hostage for ransom. The activity of BlackMould underscores the importance of robust cybersecurity measures, including regular system updates and patching, to protect against such threats.
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions across vendors is difficult, so the following are possibly overlapping names and profiles that may also be worth reviewing.
ID: China Chopper
Votes: 2
Profile description: China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
IIS
China
Zero Day
Webshell
Microsoft
Web Shell
Associated Malware
No associations to display
Associated Threat Actors
ID: GALLIUM
Type: Unspecified
Votes: 2
Profile description: Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas
Associated Vulnerabilities
No associations to display
Source Document References
Information about the BlackMould malware was read from the document corpus below. This display is limited to 20 results.
Source: CERT-EU
Created: 10 months ago
Title: My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online

Source: MITRE
Created: a year ago
Title: GALLIUM: Targeting global telecom