Mallox Ransomware Strikes Unsecured MSSQL Servers
Common Information
Type Value
UUID 127dd4e7-6ed3-4fc5-b807-25aa1e2c8623
Fingerprint bc46283100490609
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 18, 2023, 3:57 p.m.
Added to db Oct. 24, 2023, 1:14 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Mallox Ransomware Strikes Unsecured MSSQL Servers
Title Mallox Ransomware Strikes Unsecured MSSQL Servers
Detected Hints/Tags/Attributes 64/3/25
Attributes
Type | #Events | Value
Domain | 339 | system.net
Domain | 13 | files.catbox.moe
Domain | 3 | wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
File | 19 | recovery.txt
File | 119 | sqlservr.exe
File | 2 | c:\windows\\system32\\cmd.exe
File | 4 | %temp%\updt.ps1
File | 4 | %temp%\tzt.bat
File | 3 | tzt.bat
File | 2 | aspnet_complier.exe
File | 5 | killer.bat
File | 2 | mfhigwwvise.exe
File | 1 | compler.exe
md5 | 2 | 77BFCEE98F086C8E25A69D252A6609E1
md5 | 2 | 08D4D184E6E3484E8B676FA0E0A24AFA
md5 | 2 | 1B7578D04324CD6C8BF11985B79A814A
IPv4 | 2 | 43.138.76.102
MITRE ATT&CK Techniques | 695 | T1059
MITRE ATT&CK Techniques | 276 | T1490
MITRE ATT&CK Techniques | 585 | T1083
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 472 | T1486
MITRE ATT&CK Techniques | 197 | T1489
Url | 2 | http://43.138.76.102/mfhigwwvsie.bat
Url | 2 | https://files.catbox.moe/r6piiq.vdf