Mallox
· Published 21/12/2025 04:47 · Modified 21/12/2025 04:47
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 04:47
- Modified
- 21/12/2025 04:47
- Updated at
- 21/12/2025 04:47
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 4 reports, 48 attack patterns (mitre), 5 malware, 7 sectors, 11 countries, 33 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (4)
-
1 CVE 10 MITREs 2 Malwares 21 Observables 1 APT
-
17 MITREs 2 Malwares 7 Observables 1 APT
-
19 MITREs 1 Malware 5 Observables 1 APT
-
15 MITREs 3 Malwares 10 Observables 1 APT
Attack patterns (MITRE) (48)
-
T1090 usesProxy MITRE
-
T1078 usesValid Accounts MITRE
-
T1033 usesSystem Owner/User Discovery MITRE
-
T1588.002 usesTool MITRE
-
T1132 usesData Encoding MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1490 usesInhibit System Recovery MITRE
-
T1560 usesArchive Collected Data MITRE
-
T1491 usesDefacement MITRE
-
T1012 usesQuery Registry MITRE
-
T1059.004 usesUnix Shell MITRE
-
T1071.001 usesWeb Protocols MITRE
Malware (5)
-
Trigona usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mallox usesFamily
-
Kryptina usesFamily
-
Xollam usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Remcos RAT usesFamily
Sectors (7)
-
Technology targets
-
Finance targets
-
Energy targets
-
Manufacturing targets
-
Telecommunications targets
-
Retail targets
-
Healthcare targets
Countries (11)
-
United States of America targets
-
Canada targets
-
Brazil targets
-
Qatar targets
-
Australia targets
-
Ukraine targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
Russian Federation targets
-
Germany targets
-
China targets
-
Kazakhstan targets
Indicators (33)
-
0427a9f68d2385f7d5ba9e9c8e5c7f1b6e829868ef0a8bc89b2f6dae2f2020c4indicates -
stix 100/100 Revoked
camellia_sbox SHA256 of 47c4a1544299260826efd9b3118ac4f727895632
· Valid until 08/12/2025 · Source: AlienVault -
df64e87ecb30f4cadf54f2c1b3d3cba8cc2d315db0fd4af2d11add57baa56f6aindicates -
db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98feindicates -
cd0f87f7df534b0e29b2ffa5d02cdef0d7db29a67a316e143554eb1945d75e6cindicates -
stix 100/100 Revoked· Valid until 17/08/2025 · Source: AlienVault
-
23ba8078df63ebb313f2f2a2f24dab840e068ddd5cc54bb661db7d010954d2fcindicates -
f7e8a0eac54dd040e2609546fca263f2c2753802ff57e7c62d5e9ccfa04bdb1aindicates -
http://185.73.125.6/output/indicates
Vulnerabilities (CVE) (1)
7.8
High
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys …
- Attack vector
- Local
- Published
- 04/03/2024
- Modified
- 21/12/2025