Mallox

Malware updated a month ago (2024-11-29T13:32:25.205Z)
Download STIX
Preview STIX
Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .cookieshelper, and .karsovrop, each dropping a unique ransom note on the victim's system. SentinelLabs further explains the complex nature of this malware, describing it as a part of a "complex menagerie of cross-pollinated toolsets and non-linear codebases," indicating the intricate and evolving landscape of ransomware threats. The Mallox ransomware group has adopted Kryptina, a Ransomware-as-a-Service (RaaS) tool initially available for free on dark web forums. In an interesting development, a Mallox affiliate updated Kryptina’s source code and documentation, translating it into Russian and adjusting branding but leaving encryption routines largely intact. This resulted in a variant known as “Mallox v1.0,” which uses AES-256 encryption with minor changes to the original code. It retains the core functionality of Kryptina while removing its branding, signaling the commoditization of ransomware tools in the cybercrime market. However, the group faced a setback in May 2024 when a Mallox affiliate leaked server data, revealing the use of a modified version of Kryptina to power Linux-based ransomware attacks. Despite this, Mallox remains a serious threat to enterprises. By understanding the nature and evolution of Mallox ransomware, organizations can implement appropriate security measures to safeguard their digital assets and minimize the risk of falling victim to this malicious software.
Description last updated: 2024-09-23T21:15:44.096Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Targetcompany is a possible alias for Mallox. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o
6
Fargo is a possible alias for Mallox. Fargo, also known as Mallox and Tohnichi, is a ransomware strain that targets Microsoft Windows systems. It first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. This malicious software is distributed primarily to unsecured MS-SQL servers, exploiting
4
Tohnichi is a possible alias for Mallox. Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. This malware first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. The group behind this malicious software is associat
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Extortion
Malware
Encryption
Windows
RaaS
Ransomware P...
Linux
Remcos
Payload
Vulnerability
Cybercrime
Sql
Antivirus
Exploit
Downloader
Loader
Encrypt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Batcloak Malware is associated with Mallox. BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository Unspecified
2
The Lockbit Malware is associated with Mallox. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
2
Source Document References
Information about the Mallox Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
25 days ago
InfoSecurity-magazine
3 months ago
Securityaffairs
3 months ago
Securelist
4 months ago
Securelist
5 months ago
DARKReading
7 months ago
InfoSecurity-magazine
7 months ago
Securelist
8 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago