PULSE NAME
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware - Securonix
WHITE santravault1 2023-09-08 Modified: 2023-10-08
40 IOCs
MEDIUM VOLUME
Securonix Threat Labs has identified threat actors working as part of DB#JAMMER, a well-tooled attack campaign targeting exposed Microsoft SQL databases and sending ransomware payloads to victims across the globe.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike AnyDesk DB#JAMMER FreeWorld Mimic
Indicators of Compromise (4 / 40 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 5e6df45bdc8d4a5f711988672cc43643fb35a876 SHA1 of 75975b0c890f804dab19f68d7072f8c04c5fe5162d2a4199448fc0e1ad03690b 2023-09-08
FileHash-SHA1 8434080fad778057a50607364fee8b481f0feef8 SHA1 of 4c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405 2023-09-08
FileHash-SHA1 dc74a9fd5560b7c7a0fc9d183de9d676e92b9e8b SHA1 of c576f7f55c4c0304b290b15e70a638b037df15c69577cd6263329c73416e490e 2023-09-08
FileHash-SHA1 f04bf7841ef6517476b9cd7af70762865f486235 SHA1 of a3d865789d2bae26726b6169c4639161137aef72044a1c01647c521f09df2e16 2023-09-08