Mallox
Published 21/12/2025 04:47 · Modified 21/12/2025 04:47 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 04:47
- Modified: 21/12/2025 04:47
- Updated at: 21/12/2025 04:47
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 4 reports, 48 attack patterns (MITRE), 5 malware, 7 sectors, 11 countries, 33 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (4)
- 1 CVE · 10 MITREs · 2 Malware · 21 Observables · 1 APT
- 17 MITREs · 2 Malware · 7 Observables · 1 APT
- 19 MITREs · 1 Malware · 5 Observables · 1 APT
- 15 MITREs · 3 Malware · 10 Observables · 1 APT
Attack patterns (MITRE) (48)
- T1110 Brute Force (MITRE)
- T1485 Data Destruction (MITRE)
- T1567.002 Exfiltration to Cloud Storage (MITRE)
- T1559 (MITRE)
- T1055 Process Injection (MITRE)
- T1190 Exploit Public-Facing Application (MITRE)
- T1114 Email Collection (MITRE)
- T1497 Virtualization/Sandbox Evasion (MITRE)
- T1573 Encrypted Channel (MITRE)
- T1134 Access Token Manipulation (MITRE)
- T1547 Boot or Logon Autostart Execution (MITRE)
- T1068 Exploitation for Privilege Escalation (MITRE)
Malware (5)
- Trigona (source: AlienVault, confidence 100)
- Mallox (family)
- Kryptina (family)
- Xollam (source: AlienVault, confidence 100)
- Remcos RAT (family)
Sectors (7)
- Technology
- Finance
- Energy
- Manufacturing
- Telecommunications
- Retail
- Healthcare
Countries (11)
- United States of America
- Canada
- Brazil
- Qatar
- Australia
- Ukraine
- United Kingdom of Great Britain and Northern Ireland
- Russian Federation
- Germany
- China
- Kazakhstan
Indicators (33)
- 694eeec46cfe1b7acd54cf95b307416be984a5238b3059cc3af446e74e28d889
- e52a8d0337bae656b01cb76c03975ac3d75ac4984c028ba2a6531396dea6dddd
- 45a236e7aa80515aafb6c656c758faad6e77fb435b35bfa407aef3918212078d
- 3b1b1beacd0925dcb27675c45f50574921181c097ab8004d18bc116e5a99bde0
- 2fdaee89b426fa3ee00f3e8d10ebf23f1de1562746e5ba2ee606443572190610
- 9f4c40c0d52291334d90455a64106f920ede3bda5c3f7d00b0933032b0f208d8
- c714df0154f2b6fc8a82aa35281836c664bd3fbf4be3efc7e8b5b94ac87fc0a6
  (pattern type: stix · confidence 100/100 · Revoked · Valid until 17/08/2025 · Source: AlienVault)
- ec1b3e6440b0fe1523295479fb18660aaac2f9f13a72145feebe07d60c2d9197
- docs.md
- 175e20a7c8d54bfa6271de9d550c25c21e1c91aaf39aaa80779389fc8600d53f
- ff5e8c23e622bdaf6fd608691e6c3da298b0bfe867b0d8d84d37d991b75a237c
Vulnerabilities (CVE) (1)
- Severity: 7.8 (High)
- Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …
- Attack vector: Local
- Published: 04/03/2024
- Modified: 21/12/2025