Tohnichi

Malware updated 3 months ago (2024-06-06T19:17:34.213Z)
Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. This malware first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. The group behind this malicious software is associated with various other ransomware strains, signaling a broader threat landscape. Recently, the group has become increasingly active, indicating a significant shift in its operations. One of the primary attack vectors for Tohnichi is through vulnerable SQL servers running on targeted organizations' systems. The group has been actively exploiting these vulnerabilities, increasing the risk for businesses that use or run susceptible SQL servers. On August 10, 2023, it was reported that Tohnichi was actively targeting such organizations, further underscoring the escalating threat posed by this malware. In addition to its existing capabilities, the Tohnichi ransomware group recently unveiled a new variant of the malware along with several malicious tools for persistence and covert operations. These new developments are rapidly gaining traction and pose an increased threat to targeted organizations. The continued evolution and activity of the Tohnichi group suggest that it remains a significant cybersecurity concern.
Description last updated: 2024-06-06T19:17:05.710Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Mallox | 3 | Mallox is a potent malware variant that operates as ransomware, infecting systems primarily through SQL servers. The malicious software was first identified by PCrisk, which discovered variants of Mallox that append extensions such as .ma1x0, .cookieshelper, and .karsovrop to encrypted files. These
Targetcompany | 3 | TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o
Fargo | 2 | Fargo, also known as Mallox and Tohnichi, is a ransomware strain that targets Microsoft Windows systems. It first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. This malicious software is distributed primarily to unsecured MS-SQL servers, exploiting
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Source Document References
Information about the Tohnichi Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
DARKReading | 3 months ago | Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments
CERT-EU | a year ago | TargetCompany Ransomware Deploy Fully Undetectable Malware on SQL Server | IT Security News
CERT-EU | a year ago | Mallox Ransomware Witnessing Alarming Surge in Activity
Unit42 | a year ago | Threat Group Assessment: Mallox Ransomware
DARKReading | a year ago | Mallox Ransomware Group Activity Shifts Into High Gear
CERT-EU | a year ago | TargetCompany Ransomware Deploy Fully Undetectable Malware on SQL Server
DARKReading | a year ago | Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics