Databases beware: Abusing Microsoft SQL Server with SQLRecon
Tags
attack-pattern: Data Datasets Direct Credentials - T1589.001 Domain Account - T1087.002 Domain Account - T1136.002 Domain Accounts - T1078.002 Execution Guardrails - T1480 Execution Guardrails - T1627 Impersonation - T1656 Local Account - T1087.001 Local Account - T1136.001 Powershell - T1059.001 Process Hollowing - T1055.012 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID 78e6ede9-dd72-44ef-ac79-171ad73746dd
Fingerprint a7099c5349f333c7
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 7, 2023, 1 p.m.
Added to db Aug. 7, 2023, 7:29 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Databases beware: Abusing Microsoft SQL Server with SQLRecon
Title Databases beware: Abusing Microsoft SQL Server with SQLRecon
Detected Hints/Tags/Attributes 92/1/18
Source URLs
Redirection Url
Details Source https://securityintelligence.com/posts/databases-beware-abusing-microsoft-sql-server-with-sqlrecon/
URL Provider
Details Provider Source level domain
Details securityintelligence.com securityintelligence.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 227 X-Force – Security Intelligence https://securityintelligence.com/category/x-force/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 34 
system.data
Details Domain 1 
kawalabs.onmicrosoft.com
Details Domain 1 
ecom01.database.windows.net
Details Domain 372 
wscript.shell
Details Domain 1 
cdn.popped.io
Details File 51 
system.dat
Details File 24 
a.sql
Details File 1 
sqlrecon.exe
Details File 1 
ecom01.dat
Details File 380 
notepad.exe
Details File 2 
odsole70.dll
Details File 1208 
powershell.exe
Details File 1 
hollow.dll
Details File 263 
iexplore.exe
Details File 7 
favicon.png
Details File 1 
reports.xlsx
Details IPv4 1 
172.16.10.19
Details Url 1 
https://cdn.popped.io/favicon.png