Targetcompany

Malware Profile Updated 9 days ago
TargetCompany, a well-known malware group, has developed a new Linux variant of its ransomware that specifically targets VMware ESXi environments. The discovery was made by researchers at Trend Micro, who track the group under the name Mallox. The new variant checks whether the targeted system is running in a VMware ESXi environment and whether it has administrative rights, and proceeds with the attack only if both requirements are met. This selective targeting makes the malware considerably more effective and poses a serious threat to virtual machine infrastructure. After performing its routine, the ransomware deletes the TargetCompany payload, which makes it harder for defenders to determine the full extent of the attack and complicates investigation and incident response. The complexity of this variant indicates a high level of sophistication in the development and deployment of the malware and points to a more advanced threat landscape. Given the increasing reliance on virtual environments such as VMware ESXi, this development is a serious cybersecurity concern: organizations running such environments should heighten their security measures and ensure robust detection and response systems are in place. As TargetCompany ransomware continues to evolve, comprehensive cybersecurity strategies become even more critical.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Mallox | 5 | Mallox, also known as Fargo and Tohnichi, is a sophisticated malware that first surfaced in June 2021. This ransomware infiltrates systems primarily via SQL servers and has been observed to be particularly active in Taiwan, India, Thailand, and South Korea. It employs various variants that append di
Tohnichi | 3 | Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. This malware first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. The group behind this malicious software is associat
Xollam | 2 | Xollam is a malicious software, or malware, that operates as part of a ransomware group associated with various strains including TargetCompany, Tohnichi, Fargo, and Xollam. This group has seen a surge in activity, exploiting systems and causing significant damage. The malware infects systems throug
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Payload
Esxi
Phishing
Loader
Exploit
Remcos
Linux
RaaS
Windows
Rat
Backdoor
Extortion
Encryption
Spam
Gbhackers
Cybercrime
Sql
Exploits
Associated Malware
ID | Type | Votes | Profile Description
AsyncRAT | Unspecified | 2 | AsyncRAT is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Once the executable loads http_dll.dll, the DL
BatCloak | Unspecified | 2 | BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository
LockBit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Associated Threat Actors
ID | Type | Votes | Profile Description
RansomHub | Unspecified | 1 | RansomHub, a threat actor known for executing actions with malicious intent, has recently been linked to several high-profile cyber-attacks. The group is recognized for its ransomware attacks, which have resulted in significant data breaches at multiple companies. Christie, a prominent organization,
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Asyncrat Remcos | Unspecified | 1 | None
Source Document References
Information about the TargetCompany malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 2 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 9 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 16 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 23 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Checkpoint | a month ago | 10th June – Threat Intelligence Report - Check Point Research
Securityaffairs | a month ago | Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 2 months ago | Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments
Securityaffairs | 2 months ago | A new Linux version of TargetCompany ransomware targets VMware ESXi environments
Trend Micro | a year ago | An Overview of the Different Versions of the Trigona Ransomware
Quick Heal Technologies Ltd. | a year ago | Mallox Ransomware Strikes Unsecured MSSQL Servers
Unit42 | a year ago | Threat Group Assessment: Mallox Ransomware
CERT-EU | a year ago | An Overview of the Different Versions of the Trigona Ransomware
CERT-EU | a year ago | New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
CERT-EU | a year ago | Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
CERT-EU | a year ago | Cyber Security Today, August 9, 2023 – The latest ransomware news, and more | IT World Canada News
DARKReading | a year ago | Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
CERT-EU | a year ago | New Yashma Ransomware Targets English-Speaking Nations