Tohnichi

Malware Profile Updated a month ago
Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. It first surfaced in June 2021 and the operators have since claimed to have infected hundreds of organizations worldwide. The group behind it is associated with several other ransomware strains, pointing to a broader threat landscape, and has recently become markedly more active, indicating a significant shift in its operations.

One of Tohnichi's primary attack vectors is vulnerable SQL servers exposed by targeted organizations. The group has been actively exploiting these servers, raising the risk for any business running a susceptible SQL server. On August 10, 2023, it was reported that Tohnichi was actively targeting such organizations, further underscoring the escalating threat posed by this malware.

In addition to its existing capabilities, the Tohnichi ransomware group recently unveiled a new variant of the malware along with several malicious tools for persistence and covert operations. These developments are rapidly gaining traction and increase the threat to targeted organizations. The continued evolution and activity of the Tohnichi group suggest that it remains a significant cybersecurity concern.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Mallox | Votes: 3
Profile Description: Mallox, also known as Fargo and Tohnichi, is a sophisticated malware that first surfaced in June 2021. This ransomware infiltrates systems primarily via SQL servers and has been observed to be particularly active in Taiwan, India, Thailand, and South Korea. It employs various variants that append di

ID: Targetcompany | Votes: 3
Profile Description: TargetCompany, a well-known malware group, has developed a new Linux variant of its ransomware that specifically targets VMware ESXi environments. This discovery was made by researchers at Trend Micro who track the group under the name Mallox. The novel variant is designed to detect whether a target

ID: Fargo | Votes: 2
Profile Description: Fargo, also known as Mallox and Tohnichi, is a ransomware strain that targets Microsoft Windows systems. It first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. This malicious software is distributed primarily to unsecured MS-SQL servers, exploiting

ID: Xollam | Votes: 1
Profile Description: Xollam is a malicious software, or malware, that operates as part of a ransomware group associated with various strains including TargetCompany, Tohnichi, Fargo, and Xollam. This group has seen a surge in activity, exploiting systems and causing significant damage. The malware infects systems throug
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Windows
Sql
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Tohnichi malware was read from the document corpus below. This display is limited to 20 results.
Source: DARKReading | Created: a month ago | Title: Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments
Source: CERT-EU | Created: a year ago | Title: TargetCompany Ransomware Deploy Fully Undetectable Malware on SQL Server | IT Security News
Source: CERT-EU | Created: a year ago | Title: Mallox Ransomware Witnessing Alarming Surge in Activity
Source: Unit42 | Created: a year ago | Title: Threat Group Assessment: Mallox Ransomware
Source: DARKReading | Created: a year ago | Title: Mallox Ransomware Group Activity Shifts Into High Gear
Source: CERT-EU | Created: a year ago | Title: TargetCompany Ransomware Deploy Fully Undetectable Malware on SQL Server
Source: DARKReading | Created: a year ago | Title: Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics