Targetcompany

Malware updated 4 days ago (2024-09-04T12:18:14.439Z)
TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites, and once inside it has the potential to steal personal information, disrupt operations, or hold data for ransom. Recently, a new Linux version of the TargetCompany ransomware has been identified that specifically targets VMware ESXi environments. VMware ESXi is a type-1 hypervisor used by enterprises to virtualize their servers, and its compromise could have serious implications for business operations. This information comes from a report on Security Affairs, a well-known cybersecurity news platform. The introduction of this new strain of ransomware represents a significant threat to businesses utilizing VMware ESXi environments. The potential for widespread disruption and data loss is substantial, given the critical role these environments play in enterprise IT infrastructure. Immediate action should be taken to ensure all systems are adequately protected against this new form of attack.
Description last updated: 2024-09-04T12:15:49.883Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Mallox | 6 | Mallox is a potent and evolving malware, first identified in 2021, that operates primarily as ransomware. It infiltrates networks predominantly via SQL servers, encrypts victims' files, and appends various extensions such as .ma1x0, .cookieshelper, and .karsovrop. Upon successful encryption, Mallox |
| Tohnichi | 3 | Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. This malware first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. The group behind this malicious software is associat |
| Xollam | 2 | Xollam is a malicious software, or malware, that operates as part of a ransomware group associated with various strains including TargetCompany, Tohnichi, Fargo, and Xollam. This group has seen a surge in activity, exploiting systems and causing significant damage. The malware infects systems throug |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Esxi
Payload
Linux
RaaS
Windows
Phishing
Exploit
Rat
Loader
Remcos
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Batcloak | Unspecified | 2 | BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository |
| AsyncRAT | Unspecified | 2 | AsyncRAT is a form of malware, malicious software designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once installed, it can steal personal information, disrupt operations, or even hold data hostage |
Source Document References
Information about the Targetcompany Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created | Title |
|---|---|---|
| Securelist | 4 days ago | Evolution of Mallox: from private ransomware to RaaS |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Checkpoint | 3 months ago | 10th June – Threat Intelligence Report - Check Point Research |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION |
| DARKReading | 3 months ago | Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments |
| Securityaffairs | 3 months ago | A new Linux version of TargetCompany ransomware targets VMware ESXi environments |
| Trend Micro | a year ago | An Overview of the Different Versions of the Trigona Ransomware |
| Quick Heal Technologies Ltd. | a year ago | Mallox Ransomware Strikes Unsecured MSSQL Servers |
| Unit42 | a year ago | Threat Group Assessment: Mallox Ransomware |
| CERT-EU | a year ago | An Overview of the Different Versions of the Trigona Ransomware |
| CERT-EU | a year ago | New Yashma Ransomware Variant Targets Multiple English-Speaking Countries |
| CERT-EU | a year ago | Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks |