Xollam

Malware updated 7 months ago (2024-05-04T21:17:39.462Z)
Xollam is a ransomware variant of the TargetCompany family, which is also tracked under the names Tohnichi, Fargo and Mallox; Mallox is likewise the name used for the threat actor behind the family, which is tied to further ransomware strains. The family has seen a surge in activity, compromising systems and causing significant damage. Like most ransomware it typically arrives through malicious downloads, e-mail attachments or compromised websites without the user noticing; once inside, it can steal data, disrupt operations and encrypt files to hold them for ransom.

Xollam's emergence coincides with a broader wave of new ransomware variants and groups reported in the same period, such as 8Base, Big Head and CryptNet. Two changes in tradecraft have been reported for this family. First, its operators have been observed using the fully undetectable (FUD) batch-file obfuscator engine BatCloak to deliver remote access trojans such as Remcos RAT, giving them a stealthy foothold on targeted networks before the ransomware itself is deployed. Second, the Xollam variant has been observed using malicious OneNote file attachments for initial access, a vector documented by Trend Micro. Defenders should therefore look at the loader stage as well as the ransomware payload: OneNote attachments carrying embedded executables or scripts, and obfuscated batch files that unpack a RAT, are the earliest observable signs of this intrusion chain.
Description last updated: 2024-05-04T20:56:02.981Z
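The OneNote initial-access vector described above can be checked for without opening the attachment. A file embedded in a OneNote section is wrapped in a FileDataStoreObject whose header and footer GUIDs are fixed by the MS-ONESTORE specification, so a scanner can carve every attachment out of a .one file and classify it by its magic bytes. The script below is an added example, not code from this page or from Trend Micro; the GUID values are taken from MS-ONESTORE, the classification heuristics are the author's own, and the sample section is constructed inline rather than taken from a real lure.

```python
import struct
import uuid
from dataclasses import dataclass
from typing import List

# FileDataStoreObject header and footer GUIDs from the MS-ONESTORE specification.
# Every file embedded in a OneNote section is wrapped in one of these objects,
# so scanning for the header GUID finds attachments regardless of file name.
FDSO_HEADER = uuid.UUID("{BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}").bytes_le
FDSO_FOOTER = uuid.UUID("{71FBA722-0F79-4A0B-BB13-899256426B24}").bytes_le
FDSO_HEADER_SIZE = 16 + 8 + 4 + 8   # guidHeader | cbLength (LE u64) | unused | reserved

# Well-known file signatures; the kinds a note should not carry are flagged below.
MAGIC = {
    b"MZ": "pe",                                   # Windows executable / DLL
    b"PK\x03\x04": "zip",                          # zip archive (also docx, jar)
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",    # legacy Office / MSI
    b"%PDF": "pdf",
    b"\x89PNG": "image",
    b"\xff\xd8\xff": "image",
}
# Heuristic text markers for batch/HTA/PowerShell droppers (author's choice).
SCRIPT_MARKERS = (b"@echo off", b"powershell", b"cmd /c", b"wscript", b"mshta", b"<script")
SUSPICIOUS_KINDS = {"pe", "zip", "ole", "script"}


@dataclass
class EmbeddedFile:
    offset: int        # offset of the FileDataStoreObject header in the section
    length: int        # cbLength as declared by the header
    kind: str          # classification from magic bytes or script markers
    suspicious: bool   # True if the payload is something a note should not carry
    truncated: bool    # True if cbLength runs past the end of the input


def classify(data: bytes) -> str:
    """Classify an embedded payload by magic bytes first, then by script text markers."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    head = data[:512].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return "unknown"


def carve_embedded_files(blob: bytes) -> List[EmbeddedFile]:
    """Walk a .one section and return every FileDataStoreObject found in it."""
    found = []
    pos = 0
    while True:
        idx = blob.find(FDSO_HEADER, pos)
        if idx < 0 or idx + FDSO_HEADER_SIZE > len(blob):
            break
        (cb_length,) = struct.unpack_from("<Q", blob, idx + 16)
        start = idx + FDSO_HEADER_SIZE
        available = len(blob) - start
        truncated = cb_length > available          # malformed or cut-off object
        data = blob[start:start + min(cb_length, available)]
        kind = classify(data)
        found.append(EmbeddedFile(idx, cb_length, kind, kind in SUSPICIOUS_KINDS, truncated))
        if truncated:
            break
        # Skip the footer GUID when present; if it is missing, resume right after the payload.
        end = start + cb_length
        pos = end + 16 if blob[end:end + 16] == FDSO_FOOTER else end
    return found


def build_fdso(data: bytes) -> bytes:
    """Wrap data in a FileDataStoreObject; used here only to build the constructed sample."""
    return FDSO_HEADER + struct.pack("<Q", len(data)) + b"\x00" * 12 + data + FDSO_FOOTER


# Constructed sample (not a real OneNote file): a decoy image, a batch dropper
# and a stub PE header, separated by filler, as a lure note might carry them.
DECOY_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
BATCH_DROPPER = b"@echo off\r\nstart /min powershell -w hidden -c Get-Date\r\n"
PE_STUB = b"MZ" + b"\x00" * 58 + b"\x40\x00\x00\x00" + b"PE\x00\x00"
SAMPLE_SECTION = (
    b"\x00" * 64
    + build_fdso(DECOY_PNG)
    + b"\x11" * 32
    + build_fdso(BATCH_DROPPER)
    + build_fdso(PE_STUB)
)


def scan_report(blob: bytes) -> List[str]:
    """One summary line per embedded object, for triage output."""
    return [
        f"offset=0x{e.offset:x} len={e.length} kind={e.kind}"
        f"{' SUSPICIOUS' if e.suspicious else ''}{' TRUNCATED' if e.truncated else ''}"
        for e in carve_embedded_files(blob)
    ]


if __name__ == "__main__":
    for line in scan_report(SAMPLE_SECTION):
        print(line)
```

Run it against a real .one attachment by reading the file into `carve_embedded_files`. The scanner deliberately trusts nothing in the header: a cbLength larger than the remaining input is reported as truncated rather than used to slice past the buffer, and a missing footer does not stop the walk, since lure builders do not always emit well-formed objects.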
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias (votes): description
TargetCompany (2 votes): possible alias for Xollam. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Source Document References
Information about the Xollam malware was read from the documents corpus below.