PULSE NAME
Larva-26002 MSSQL Campaign Uses ICE Cloud Scanner to Identify Vulnerable Systems
WHITE cryptocti 2026-03-30 Modified: 2026-03-30
9 IOCs (LOW VOLUME)
Larva-26002 is repeatedly attacking weak MS-SQL servers and has shifted from ransomware to large-scale scanning. They use ICE Cloud malware to find more vulnerable databases and collect data for future attacks.
Indicators of Compromise (5 / 9 total)