Microsoft SQL Servers Infected by the New Malware: Maggie
Common Information
Type Value
UUID 62311b94-4e6e-4bcd-bf89-759e06d970ac
Fingerprint 97a9bff99e1a265b
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 6, 2022, 10:35 a.m.
Added to db Oct. 6, 2022, 1:01 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Microsoft SQL Servers Infected by the New Malware: Maggie
Title Microsoft SQL Servers Infected by the New Malware: Maggie
Detected Hints/Tags/Attributes 29/2/22
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 238 SOCRadar® Cyber Intelligence Inc. https://socradar.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1
xw.xxuz.com
Details File 3
sqlmaggieantivirus_64.dll
Details File 1
c:\programdata\success.dat
Details File 1
success.dat
Details File 1
failure.dat
Details File 1
accesscontrol.dat
Details IPv4 3
58.180.56.28
Details IPv4 1
106.251.252.83
Details IPv4 3
183.111.148.147
Details MITRE ATT&CK Techniques 125
T1110
Details MITRE ATT&CK Techniques 152
T1090