Tohnichi

Malware updated 15 days ago (2024-11-29T14:09:32.668Z)
Download STIX
Preview STIX
Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. This malware first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. The group behind this malicious software is associated with various other ransomware strains, signaling a broader threat landscape. Recently, the group has become increasingly active, indicating a significant shift in its operations. One of the primary attack vectors for Tohnichi is through vulnerable SQL servers running on targeted organizations' systems. The group has been actively exploiting these vulnerabilities, increasing the risk for businesses that use or run susceptible SQL servers. On August 10, 2023, it was reported that Tohnichi was actively targeting such organizations, further underscoring the escalating threat posed by this malware. In addition to its existing capabilities, the Tohnichi ransomware group recently unveiled a new variant of the malware along with several malicious tools for persistence and covert operations. These new developments are rapidly gaining traction and pose an increased threat to targeted organizations. The continued evolution and activity of the Tohnichi group suggest that it remains a significant cybersecurity concern.
Description last updated: 2024-06-06T19:17:05.710Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Mallox is a possible alias for Tohnichi. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co
3
Targetcompany is a possible alias for Tohnichi. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o
3
Fargo is a possible alias for Tohnichi. Fargo, also known as Mallox and Tohnichi, is a ransomware strain that targets Microsoft Windows systems. It first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. This malicious software is distributed primarily to unsecured MS-SQL servers, exploiting
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Tohnichi Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more