ioc[.]one - OSINT Cyber Threat Intelligence Database

Exposed and Encrypted: Inside a Mallox Ransomware Attack

Tags

country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Power Settings - T1653 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Mshta - T1170 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	d0391613-f67a-45fe-af3e-76d2249e6768
Fingerprint	f4d4b892863b264d
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 27, 2024, 1 p.m.
Added to db	Aug. 31, 2024, 10:24 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Exposed and Encrypted: Inside a Mallox Ransomware Attack
Title	Exposed and Encrypted: Inside a Mallox Ransomware Attack
Detected Hints/Tags/Attributes	80/3/49

Source URLs

	Redirection	Url
Details	Source	https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/exposed-and-encrypted-inside-a-mallox-ransomware-attack/

URL Provider

Details	Provider	Source level domain
Details	trustwave.com	www.trustwave.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	386	✔	SpiderLabs Blog	https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	129	api.ipify.org
Details	File	1	-arab.bat
Details	File	1	kill-delete.bat
Details	File	2125	cmd.exe
Details	File	256	net.exe
Details	File	456	mshta.exe
Details	File	140	files.txt
Details	File	5	sqlserv.exe
Details	File	3	ntdbsmgr.exe
Details	File	9	mysql.exe
Details	File	9	powrprof.dll
Details	File	105	bcdedit.exe
Details	File	1	6pyadpzw.exe
Details	File	1	8udr7az1.exe
Details	File	1	gyiucwuh.exe
Details	File	1	kriyta2e.exe
Details	File	1	shh8a94u.exe
Details	File	1	vfujtg9q.exe
Details	File	1	xql3kqij.exe
Details	md5	2	ccf817dcd04c768f8d2def4e4e393375
Details	md5	2	9d1a08093886cb0b887bec36c3876a9d
Details	md5	2	e359ec4832daa9c0d5868ffa1d58e9bd
Details	md5	2	00db5602ec3b7ebd4299064aedd21733
Details	md5	2	c1dfc103a9d04db26640cd1a461702ae
Details	md5	2	fb9bd9ed8e1fb782123a9614d7d46483
Details	md5	2	1f83080a421c95234b8a54a95e507447
Details	md5	2	b57545cb36ef6a19fdde4b2208ebb225
Details	md5	2	1726416850d3bba46eeb804fae57083d
Details	md5	5	e98b3a8d2179e0bd0bebba42735d11b7
Details	sha256	2	c5d11d6d9036a7a500242fb080f5a1600cba4c4a639d516ee7b1a6b7e185e0db
Details	sha256	2	7162415a7e65c042589e67ad9246d0dca89447693b4e92d0f4beca011e1ad4c4
Details	sha256	2	ae2030f9b43c5bb039b219327391fda049be38fe092df02f3bbc1832f25a764c
Details	sha256	2	89302b545705212059fb591aeea54b1de8f63f0b7fa2b83e16ac7be94421cefa
Details	sha256	2	eb2e795dd56f6ed38b964d6a2d75cbe0c05c4ad8e66786cdbe6ac51c1582499a
Details	sha256	2	e657103f40f61395147f31baaca9ada6efb8bfa3da83c078557e3494c2755503
Details	sha256	2	972430371601ec17396e7bc7c62d3838cc95bec62bfed893a61919ac411b2bf2
Details	sha256	2	445d709ea4ae38706a0cc47ffc6c100fb9a354ff1ac718d0c23415524bdfc895
Details	sha256	2	c207a7a561ab726fb272b5abd99c4da8e927b5da788210d5dd186023c2783990
Details	sha256	2	e92f5d73a8cb1aa132602d3f35f2c2005deba64df99dcfff4e2219819ab3fffd
Details	IPv4	2	80.66.76.30
Details	IPv4	2	80.66.75.44
Details	IPv4	4	91.215.85.142
Details	Url	2	http://80.66.76.30/yvpvuzho.wav
Details	Url	2	http://80.66.76.30/yephpgs.wav
Details	Url	2	http://80.66.75.44/rpbbvlchy.mp4
Details	Url	2	http://80.66.76.30/zibgsfhbkzt.dat
Details	Url	2	http://80.66.76.30/vnohhowgf.mp4
Details	Url	2	http://80.66.76.30/fgeadmt.mp4
Details	Url	3	http://91.215.85.142/qwewqdsvsf/ap.php