Xollam the Latest Face of TargetCompany<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\">\n<link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendmicro\/clientlibs\/trendmicro-core-2\/clientlibs\/header-footer.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/f\/xollam-the-latest-face-of-targetcompany.html\"><br \/>\n<meta property=\"og:title\" content=\"Xollam the Latest Face of TargetCompany\"><br \/>\n<meta property=\"og:description\" content=\"This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants' behaviors and the ransomware family's extortion scheme.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/TargetCompany-hero-image-976-533.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Xollam the Latest Face of TargetCompany\"><br \/>\n<meta name=\"twitter:description\" content=\"This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants' behaviors and the ransomware family's extortion scheme.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/TargetCompany-hero-image-976-533.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"51.243211564759\">  <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a>  <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1183851041\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"11.245073891626\">\n<div class=\"article-details\" role=\"heading\" readability=\"42.046798029557\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants’ behaviors and the ransomware family’s extortion scheme.<\/p>\n<p class=\"article-details__author-by\">By: Earle Maui Earnshaw, Nathaniel Morales, Katherine Casona, Don Ovid Ladores <time class=\"article-details__date\">June 06, 2023<\/time> <span>Read time: <\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-lg-8 col-lg-push-2\"> <\/p>\n<div class=\"richText\" readability=\"43.30624465355\">\n<div readability=\"33.682634730539\">\n<p>After first being detected in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/free-decryptor-released-for-targetcompany-ransomware-victims\/\" target=\"_blank\" rel=\"noopener\">June 2021<\/a>, the TargetCompany ransomware family underwent several name changes that signified major updates in the ransomware family, such as modifications in encryption algorithm and different decryptor characteristics.<\/p>\n<p>The earliest samples of the TargetCompany ransomware appended victims\u2019 files with the extension \u201c.tohnichi,\u201d the name of its victim enterprise at that time, signifying a targeted attack on the organization of the same name. As a result, it was initially known as the Tohnichi ransomware.<\/p>\n<p>Later, the group continued appending encrypted files with names based on its victims, such as \u201c.artis\u201d for the Artis Zoo in Amsterdam. Other extensions include \u201c.herrco,\u201d \u201c.brg,\u201d and \u201c.carone.\u201d<\/p>\n<p>Industry experts then later identified the ransomware as TargetCompany from the pattern it adopted of appending encrypted files after the company it was targeting.<\/p>\n<p>The variants Tohnichi (active in 2021), Mallox, and Fargo (both active in 2022) targeted vulnerabilities in Microsoft SQL (MS SQL) Server for initial access. We elaborate on the behavior of these variants in our <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/ransomware-spotlight\/ransomware-spotlight-targetcompany\">Ransomware Spotlight: TargetCompany<\/a>. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/prb-target-company-figure1.jpg\" alt=\"Figure 1. The infection chain of the earlier TargetCompany variants\"><figcaption>Figure 1. The infection chain of the earlier TargetCompany variants<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>Our investigations show that its latest variant, Xollam, now deviates from the gang\u2019s tried-and-tested initial access method. In this blog, we discuss this latest development in the TargetCompany ransomware\u2019s behavior and look into its previous infection chains. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38\">\n<div readability=\"21\">\n<p>In 2023, Xollam was observed as following a technique similar to the one followed by phishing campaigns: using Microsoft OneNote files as initial access to spread and deliver malware. This latest TargetCompany variant executed a spam campaign with malicious OneNote file attachments, a deviation from its roots of targeting vulnerable MS SQL databases.<\/p>\n<p>Based on our investigations, Xollam uses a pseudo-fileless technique through PowerShell, which executes reflective loading to download its payload.<\/p>\n<p>As we discuss in later sections, we have also observed this technique in earlier variants of the TargetCompany ransomware. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/prb-target-company-figure6.jpg\" alt=\"Figure 2. The attack flow of the latest TargetCompany variant, Xollam, which uses malicious OneNote files for initial access\"><figcaption>Figure 2. The attack flow of the latest TargetCompany variant, Xollam, which uses malicious OneNote files for initial access<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.5\">\n<div readability=\"20\">\n<p>The latest variant of the ransomware, Xollam, was detected in February this year.<\/p>\n<p>In the same month, the older Mallox variant was also active, as it claimed the attack on the Federation of Indian Chambers of Commerce and Industry (FICCI). The gang released 1.28 GB of compressed datasets that included financial balance sheets, employee reimbursement details, bank statements and internet banking credentials, industry audit reports, and documents related to FICCI subcommittees. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"40.5\">\n<div readability=\"26\">\n<p>The Mallox variant of the ransomware was first detected in the wild in October 2021. Later samples in January of the following year showed that the ransomware group started to employ reflective loading as part of its defense evasion.<\/p>\n<p>The Mallox variant connects to an IP address to load the encrypted ransomware, with its download URL only available for approximately 24 hours. Notably, this made the dynamic analysis of old samples difficult.<\/p>\n<p>Our investigations revealed that the payload downloaded by the PowerShell script was a .NET downloader, which would subsequently retrieve an encrypted payload from the command-and-control (C&C) server.<\/p>\n<p>The downloaded file has a random file name and might have different extensions such as \u201c.png,\u201d \u201c.bmp,\u201d and \u201c<i>.<\/i>jpg,\u201d among others. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/prb-target-company-figure3.jpg\" alt=\"Figure 3. A closer look at the reflective loading technique that TargetCompany threat actors incorporated; the IP address it connects to changes every 24 hours and deploys different payloads\"><figcaption>Figure 3. A closer look at the reflective loading technique that TargetCompany threat actors incorporated; the IP address it connects to changes every 24 hours and deploys different payloads<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>The payload would then be decrypted through XOR or inversion and executed in memory. The specific payload that is downloaded varies depending on the link on the .NET downloader.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/prb-target-company-figure4.jpg\" alt=\"Figure 4. Both Mallox and Fargo variants use a set of tools via remote desktop for defense evasion.\"><figcaption>Figure 4. Both Mallox and Fargo variants use a set of tools via remote desktop for defense evasion.<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.5\">\n<div readability=\"28\">\n<p>It\u2019s important to note that reflective loading enabled the Mallox variant to evade traditional antivirus solutions, making it challenging for organizations to protect themselves against these attacks.<\/p>\n<p>Meanwhile, the Remcos backdoor payload is executed via <i>WmiPrvSE.exe,<\/i> and the payload most likely arrives by exploiting public-facing websites and domains.<\/p>\n<p>Our investigations showed that the gang used different sets of defense evasion and reconnaissance tools such as GMER and Advance Process Termination to manually uninstall antivirus products on the target system. We also observed the presence of <i>YDArk.exe<\/i> (PCHunter64) for performing rootkit behaviors, and that TargetCompany attempts to terminate security-related processes and services by dropping KILLAV.<\/p>\n<p>In addition, the ransomware drops a batch file named <i>killer.bat<\/i> that terminates various services and applications, including GPS-related services. Afterward, it proceeds to steal system information like machine details and other relevant data.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/prb-target-company-figure5.jpg\" alt=\"Figure 5. TargetCompany ransomware defense evasion routine\"><figcaption>Figure 5. TargetCompany ransomware defense evasion routine<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.5\">\n<div readability=\"20\">\n<p>The ransomware encrypts the victim’s files using the ChaCha20 encryption algorithm and generates the encryption keys using a combination of Curve25519, an example of elliptic curve cryptography, and AES-128.<\/p>\n<p>In June 2022, the gang targeted other victims with encrypted files appended with the extension \u201c.fargo.\u201d We also observed that like Mallox, the Fargo variant employed reflective loading.<\/p>\n<p>In the last two months of 2022, there was an increase in attacks launched by the TargetCompany ransomware using its Mallox variant.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<p>While the Mallox and Fargo variants were operating simultaneously in 2022, TargetCompany initiated its double-extortion scheme by setting up a Telegram channel where it could publish stolen information.<\/p>\n<p>In August 2022, just two months after the group launched its Fargo variant, Mallox created a Twitter account where it could announce its victims. Since this account was eventually suspended, the threat actors created a new one. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/1st-twitter-account.png\" alt=\"Figure 6. The first Twitter account (eventually suspended) that Mallox created for announcing its victims (top), and the new Twitter account that replaced it (bottom); the new account remains active as of this writing\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/2nd-twitter-account.png\" alt=\"Figure 6. The first Twitter account (eventually suspended) that Mallox created for announcing its victims (top), and the new Twitter account that replaced it (bottom); the new account remains active as of this writing\"><figcaption>Figure 6. The first Twitter account (eventually suspended) that Mallox created for announcing its victims (top), and the new Twitter account that replaced it (bottom); the new account remains active as of this writing<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"44.430379746835\">\n<div readability=\"34.556962025316\">\n<p>In November of the same year, Mallox launched its data leak site where, as of writing, it has declared only 20 victims. However, our telemetry data revealed far more attacks at 269 attempts on Trend Micro customers from March 2022 to April 2023.<\/p>\n<p>In a January 2023 interview, threat actors behind TargetCompany said that they choose only a small percentage of their victims to publish on their leak site. They also limit the amount of leaked data to what they deem particularly interesting and claim to have no intention of publishing everything.<\/p>\n<p>While the group said that it remains small and closed, the actors behind it mentioned that they are \u201copen to suggestions.\u201d Interestingly, a new member of the cybercrime forum RAMP under the name \u201cMallx\u201d was observed recruiting affiliates for the Mallox ransomware-as-a-service (RaaS) affiliate program.<\/p>\n<p>Our investigations also revealed that the ransomware might have connections with other groups such as the BlueSky ransomware, as well as the threat actors who perform brute-force attacks on MS SQL Servers. TargetCompany shares similarities with these groups in terms of threat actor profiles, targets, deployed remote control, and encryption algorithm. We discuss other possible affiliations, as well as victim profiles and behaviors in our <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/ransomware-spotlight\/ransomware-spotlight-targetcompany\">Spotlight feature<\/a> on the ransomware group. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.704433497537\">\n<div readability=\"29.43842364532\">\n<p>The TargetCompany ransomware is making bolder ventures beyond its tried-and-tested techniques by joining the bandwagon of OneNote phishing campaigns, which allows it to cast a wider net for increased profitability. Within just two years of activity, the threat actors behind the ransomware are proving their hunger for prolificacy, expanding their business model with a RaaS affiliate program and maintaining several platforms to announce victims and expose stolen data.<\/p>\n<p>We can expect TargetCompany to make even bigger moves in the future, especially since the threat actors behind it have admitted that they created TargetCompany to move away from the restrictions and inflexibility of their previous groups. Now unhindered, the gang will naturally try to maximize profits from its victims. <\/p>\n<p>To protect systems from ransomware attacks, we recommend that both individual users and organizations implement best practices such as applying data protection and backup and recovery measures to secure data from possible encryption or erasure. Conducting regular vulnerability assessments and patching systems in a timely manner can also minimize the damage dealt by ransomware families that abuse exploits.<\/p>\n<p>We advise users and organizations to update their systems with the latest patches and apply multilayered defense mechanisms. End users and enterprises alike can mitigate the risk of infection from new threats like the TargetCompany ransomware by following these security best practices: <\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Enable multifactor authentication (MFA) to prevent attackers from performing lateral movement inside a network.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Adhere to <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/virtualization-and-cloud\/best-practices-backing-up-data\">the 3-2-1 rule<\/a> when backing up important files. This involves creating three backup copies on two different file formats, with one of the copies stored in a separate location. <\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/vulnerabilities-and-exploits\/virtual-patching-patch-those-vulnerabilities-before-they-can-be-exploited\">Patch and update systems<\/a> regularly. It\u2019s important to keep operating systems and applications up to date and maintain patch management protocols that can deter malicious actors from exploiting any software vulnerabilities.<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p>   <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p>   <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/f\/xollam-the-latest-face-of-targetcompany.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants’ behaviors and the ransomware family’s extortion scheme. Read More HERE…<\/p>\n","protected":false},"author":2,"featured_media":52223,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9539,9509],"class_list":["post-52222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"\n<title>Xollam, the Latest Face of TargetCompany 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Xollam, the Latest Face of TargetCompany 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-06T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/TargetCompany-hero-image-976-533.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Xollam, the Latest Face of TargetCompany\",\"datePublished\":\"2023-06-06T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/\"},\"wordCount\":1488,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/xollam-the-latest-face-of-targetcompany.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/\",\"name\":\"Xollam, the Latest Face of TargetCompany 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/xollam-the-latest-face-of-targetcompany.jpg\",\"datePublished\":\"2023-06-06T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/xollam-the-latest-face-of-targetcompany.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/xollam-the-latest-face-of-targetcompany.jpg\",\"width\":2450,\"height\":1724},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/xollam-the-latest-face-of-targetcompany\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Xollam, the Latest Face of TargetCompany\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n","yoast_head_json":{"title":"Xollam, the Latest Face of TargetCompany 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/","og_locale":"en_US","og_type":"article","og_title":"Xollam, the Latest Face of TargetCompany 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-06-06T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/targetcompany\/TargetCompany-hero-image-976-533.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Xollam, the Latest Face of TargetCompany","datePublished":"2023-06-06T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/"},"wordCount":1488,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/xollam-the-latest-face-of-targetcompany.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/","url":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/","name":"Xollam, the Latest Face of TargetCompany 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/xollam-the-latest-face-of-targetcompany.jpg","datePublished":"2023-06-06T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/xollam-the-latest-face-of-targetcompany.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/xollam-the-latest-face-of-targetcompany.jpg","width":2450,"height":1724},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Xollam, the Latest Face of TargetCompany"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52222"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52222\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/52223"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":52222,"date":"2023-06-06T00:00:00","date_gmt":"2023-06-06T00:00:00","guid":{"rendered":"urn:uuid:f3922d7a-84b2-5feb-383c-56a683aafe23"},"modified":"2023-06-06T00:00:00","modified_gmt":"2023-06-06T00:00:00","slug":"xollam-the-latest-face-of-targetcompany","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/xollam-the-latest-face-of-targetcompany\/","title":{"rendered":"Xollam, the Latest Face of TargetCompany"},"content":{"rendered":"