TABMSGSQL is a malware family referenced in Mandiant’s APT1 reporting and associated imphash analysis of malware used by the APT1 threat group. In the provided content, TABMSGSQL is identified as one of the malware families for which Mandiant calculated PE import hashes to cluster related samples and discover additional variants. The content lists TABMSGSQL with imphash ee22b62aa3a63b7c17316d219d555891, 102 imports, and 9 matched samples in the APT1 dataset. The broader context states that these malware families were part of a corpus of 356 samples from the February 2013 Mandiant APT1 report, and that pivoting on imphash values helped identify additional related samples later assessed as belonging to the same malware families and attributable to the same threat group when corroborated with further analysis. No specific infection vector, platform details beyond being a PE malware family, victim industry, or behavioral capabilities for TABMSGSQL are directly provided in the content.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
2 sources tracked across advisories and community write-ups. News coverage will land here when it surfaces.
No news coverage yet. Advisories and community discussion only.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.