
Threat Actors Deploy FreeWorld Ransomware by Hijacking MSSQL Servers on DB Jammer
Tags: MSSQL, Cobalt Strike, DB#JAMMER, FreeWorld
Threat actors working as part of DB JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks and appear to be well tooled and ready to deliver ransomware and Cobalt Strike payloads.
Indicators of Compromise
No domains found for this campaign
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
REMEDIATIONS:
Use strong passwords and rate limiting for login attempts when running internet-facing services.
Limit usage of the xp_cmdshell stored procedure in MSSQL environments.
Use VPN programs.
Monitor common malware staging directories, especially "C:\Windows\Temp", which was used in this attack campaign.
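The following added example (not part of the original advisory) scans SQL Server ERRORLOG text for a burst of failed logins from one client, a successful login from that client right after the burst, and xp_cmdshell being switched on. The log excerpt, the threshold and the window are constructed assumptions, and successful logins only appear when login auditing is set to record them.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+\s+"
FAILED = re.compile(TS + r"Login failed for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
SUCCEEDED = re.compile(TS + r"Login succeeded for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
XP_ON = re.compile(TS + r"Configuration option 'xp_cmdshell' changed from 0 to 1")

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def analyze(log, threshold=10, window=timedelta(seconds=60)):
    """Return findings as (kind, client_or_None, detail) tuples, in log order."""
    fails = defaultdict(list)   # client IP -> failure times still inside the window
    alerted = set()             # clients already reported for a burst
    findings = []
    for line in log.splitlines():
        if m := FAILED.match(line):
            now, client = _ts(m[1]), m[3]
            fails[client] = [t for t in fails[client] if now - t <= window] + [now]
            if len(fails[client]) >= threshold and client not in alerted:
                alerted.add(client)
                findings.append(("bruteforce_burst", client, m[2]))
        elif m := SUCCEEDED.match(line):
            now, client = _ts(m[1]), m[3]
            # A success shortly after a burst suggests the guessing worked.
            if client in alerted and now - fails[client][-1] <= window:
                findings.append(("success_after_burst", client, m[2]))
        elif m := XP_ON.match(line):
            findings.append(("xp_cmdshell_enabled", None, m[1]))
    return findings

# Constructed sample log (documentation IP ranges, not campaign data).
def _fail(sec, ip, user="sa"):
    return (f"2023-09-01 03:10:{sec:02d}.00 Logon       Login failed for user '{user}'. "
            f"Reason: Password did not match that for the login provided. [CLIENT: {ip}]")

SAMPLE_LOG = "\n".join(
    [_fail(s, "203.0.113.7") for s in range(12)]
    + ["2023-09-01 03:10:15.00 Logon       Login succeeded for user 'sa'. "
       "Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]",
       "2023-09-01 03:10:40.00 spid55      Configuration option 'xp_cmdshell' "
       "changed from 0 to 1. Run the RECONFIGURE statement to install.",
       _fail(50, "198.51.100.20", "report")])

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```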
Observed Countries: 250