Agent 1433: remote attack on Microsoft SQL Server
Tags
| country: | Brazil China India Vietnam |
| attack-pattern: | Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 4a56e285-8c37-474b-bfb0-5f16a7b6f5da |
| Fingerprint | 8709ba09ad5b9ac3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 22, 2019, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Agent 1433: remote attack on Microsoft SQL Server |
| Title | Agent 1433: remote attack on Microsoft SQL Server |
| Detected Hints/Tags/Attributes | 31/2/7 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/malicious-tasks-in-ms-sql-server/92167/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 30 | ftp.exe |
|
| Details | File | 26 | backdoor.msi |
|
| Details | md5 | 1 | 6754FA8C783A947414CE6591D6FA8540 |
|
| Details | md5 | 1 | 91A12A4CF437589BA70B1687F5ACAD19 |
|
| Details | md5 | 1 | 98DFA71C361283C4A1509C42F212FB0D |
|
| Details | md5 | 1 | A3F0B689C7CCFDFAEADD7CBBF1CD92B6 |
|
| Details | md5 | 1 | E2A34F1D48CE4BE330F194E8AEFE9A55 |