Larva-26002

Also known as: Larva-26002


Profile

Larva-26002 targets improperly managed MS-SQL servers, gaining access through brute-force and dictionary attacks. The actor has distributed Trigona and Mimic ransomware, using the Bulk Copy Program for exploitation and installing remote access tools like AnyDesk and Teramind. The attacks also deploy scanner malware, including ICE Cloud Client, written in Go, and a Rust-based scanner. After compromising a system, the actor executes commands to gather information about the infected environment.


Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Larva-208
Actor: Larva-25012
Actor: Larva-24005
Actor: Larva-24010
Actor: Storm-0249
Actor: Storm-2603

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.