← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware - Securonix
WHITE santravault1 2023-09-08 Modified: 2023-10-08
40
IOCs
MEDIUM VOLUME
Securonix Threat Labs has identified threat actors working as part of DB#JAMMER, a well tooled attack campaign targeting exposed Microsoft SQL databases and sending ransomware payloads to victims across the globe.
ends withor deviceactioncontainstruemssqlcobalt strikengroksecuronixprocess createresearch teamanydeskpolishdefenderhailpersistencemimikatznextpowershelldwordakirafalsedb#jammerfreeworldmimic
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike AnyDesk DB#JAMMER FreeWorld Mimic
Indicators of Compromise (1 / 40 total)
All URL CIDR FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://www.ired.team/offensive-security/credential-access-and-credential-dumping/forcing-wdigest-to-store-credentials-in-plaintext 2023-09-08
References (1)
↗ https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/