PULSE NAME
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware - Securonix
WHITE santravault1 2023-09-08 Modified: 2023-10-08
40 IOCs
MEDIUM VOLUME
Securonix Threat Labs has identified threat actors working as part of DB#JAMMER, a well-tooled attack campaign targeting exposed Microsoft SQL databases and sending ransomware payloads to victims across the globe.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike, AnyDesk, DB#JAMMER, FreeWorld, Mimic
Indicators of Compromise (4 / 40 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 84f8459d96860abfc96aa6f959576b26 MD5 of a3d865789d2bae26726b6169c4639161137aef72044a1c01647c521f09df2e16 2023-09-08
FileHash-MD5 ac34ba84a5054cd701efad5dd14645c9 MD5 of c576f7f55c4c0304b290b15e70a638b037df15c69577cd6263329c73416e490e 2023-09-08
FileHash-MD5 c44487ce1827ce26ac4699432d15b42a MD5 of 4c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405 2023-09-08
FileHash-MD5 dbf9675bd273e982ca5de58ac32de399 MD5 of 75975b0c890f804dab19f68d7072f8c04c5fe5162d2a4199448fc0e1ad03690b 2023-09-08