Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns

From blog.sekoia.io

As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential exploitations.

Introduction

Recently, our team observed an incident involving our MS-SQL (Microsoft SQL Server) honeypot. It was targeted by an intrusion set that first brute-forced the exposed SQL Server logins, then chained several MS-SQL exploitation techniques to deploy PureCrypter, which in turn delivered the Mallox ransomware.
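The brute-force phase described above is the first thing a defender can catch on an exposed SQL Server, because every rejected login is written to the instance's ERRORLOG as a "Login failed for user ..." message (error 18456) carrying the client address. As an added example that is not part of the Sekoia post, the Python below parses a constructed ERRORLOG excerpt, counts failures per client inside a sliding window, and reports whether the same client subsequently logged in successfully, which is the signal that a password guess landed. The log lines, IP addresses, user names, threshold and window size are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ERRORLOG excerpt (not a real capture). The lines follow the
# shape of SQL Server's "Login failed for user ..." messages; the addresses are
# documentation ranges and the user names are made up.
SAMPLE_ERRORLOG = """\
2024-03-01 10:00:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:00:01.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:00:01.70 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:00:02.05 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:00:02.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:00:02.60 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2024-03-01 10:05:00.00 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.20]
2024-03-01 10:30:00.00 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
"""

# Matches both failed and succeeded login lines; the bare "Error: 18456" line
# carries no client address, so it is deliberately not matched.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']+)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_logins(log_text):
    """Yield (timestamp, outcome, user, client) for each login line."""
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        yield ts, m["outcome"], m["user"], m["client"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag clients with at least `threshold` failed logins inside any window
    of `window_seconds`. Returns {client: {"failures", "users", "succeeded_as"}}
    where "succeeded_as" is the login that later succeeded from that client,
    or None if no success followed the failures."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(list)   # client -> failure timestamps
    users = defaultdict(set)       # client -> distinct logins attempted
    successes = {}                 # client -> login that succeeded after failures
    for ts, outcome, user, client in parse_logins(log_text):
        if outcome == "failed":
            failures[client].append(ts)
            users[client].add(user)
        elif client in failures:   # a success with no prior failures is not suspicious here
            successes[client] = user

    alerts = {}
    for client, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):        # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[client] = {
                    "failures": len(times),
                    "users": sorted(users[client]),
                    "succeeded_as": successes.get(client),
                }
                break
    return alerts


if __name__ == "__main__":
    for client, info in detect_bruteforce(SAMPLE_ERRORLOG).items():
        print(client, info)
```

With the defaults, only 203.0.113.7 is reported: five failures for `sa` inside about 1.5 seconds, followed by a successful `sa` login from the same address, which is exactly the pattern that precedes the post-exploitation steps the post goes on to describe. The second client's two failures, 25 minutes apart, stay below the threshold; they would only surface with a much longer window, which is the trade-off to tune against low-and-slow guessing on a real server.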

Our investigation of Mallox samples led us to identify two affiliates with distinct modus operandi: the first focuses on exploiting individual vulnerable assets, while the second aims at broader, larger-scale compromises of information systems.