Emulating the Extortionist Mallox Ransomware
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter
attack-pattern: Data Model Clear Windows Event Logs - T1070.001 Command And Scripting Interpreter - T1623 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Inhibit System Recovery - T1490 Local Account - T1087.001 Local Account - T1136.001 Local Groups - T1069.001 System Network Configuration Discovery - T1422 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Native Api - T1575 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 System Location Discovery - T1614 Virtualization/Sandbox Evasion - T1497 Virtualization/Sandbox Evasion - T1633 Account Manipulation - T1098 Command-Line Interface - T1059 Create Account - T1136 Execution Through Api - T1106 Exfiltration Over Alternative Protocol - T1048 Indicator Removal On Host - T1070 Remote File Copy - T1105 Powershell - T1086 Remote Desktop Protocol - T1076 Remote Services - T1021 System Information Discovery - T1082 System Network Configuration Discovery - T1016 Windows Management Instrumentation - T1047
Show in Graph
Common Information
Type Value
UUID ebaf07d6-81a3-4749-9d26-02831eef0618
Fingerprint b6a665f24c37ae00
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 30, 2024, 10:42 a.m.
Added to db Aug. 31, 2024, 12:15 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Emulating the Extortionist Mallox Ransomware
Title Emulating the Extortionist Mallox Ransomware
Detected Hints/Tags/Attributes 107/2/24
Source URLs
Redirection Url
Details Source https://securityboulevard.com/2024/08/emulating-the-extortionist-mallox-ransomware/
URL Provider
Details Provider Source level domain
Details securityboulevard.com securityboulevard.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 226 Security Boulevard https://securityboulevard.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 7 
www.attackiq.com
Details File 345 
vssadmin.exe
Details File 95 
wevtutil.exe
Details File 2125 
cmd.exe
Details File 1208 
powershell.exe
Details MITRE ATT&CK Techniques 492 
T1105
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 310 
T1047
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 245 
T1016
Details MITRE ATT&CK Techniques 51 
T1136.001
Details MITRE ATT&CK Techniques 112 
T1098
Details MITRE ATT&CK Techniques 298 
T1562.001
Details MITRE ATT&CK Techniques 235 
T1562
Details MITRE ATT&CK Techniques 160 
T1021.001
Details MITRE ATT&CK Techniques 238 
T1497
Details MITRE ATT&CK Techniques 50 
T1614
Details MITRE ATT&CK Techniques 22 
T1048.003
Details MITRE ATT&CK Techniques 276 
T1490
Details MITRE ATT&CK Techniques 92 
T1070.001
Details MITRE ATT&CK Techniques 472 
T1486
Details Url 1 
https://www.attackiq.com/2024/08/30/emulating-mallox-ransomware
Details Windows Registry Key 26 
HKLM\SYSTEM\CurrentControlSet\Control\Terminal
Details Windows Registry Key 1 
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse