Case of Attacks Targeting MS-SQL Servers to Install Ammyy Admin

· Published 22/04/2025 16:40 · Modified 22/04/2025 22:50

Essential information

Tags: 2025-04-22, ammyy admin, brute-force, dictionary attack, ms-sql, petitpotato, privilege-escalation, remote-control, wget
Related entities: 8 techniques (mitre), 2 malware

Description

A series of attacks targeting poorly managed servers has been identified, involving the installation of Ammyy Admin, a remote control tool. The attackers exploit vulnerable servers, execute commands to gather system information, and use wget to install additional malware. The installed malware includes Ammyy Admin (mscorsvw.exe), its settings file (settings3.bin), and PetitPotato (p.ax). The attackers use an old version of Ammyy Admin (v3.10) and employ known exploitation methods to gain remote control. They also use PetitPotato for privilege escalation, adding new users and activating RDP services. To prevent such attacks, administrators are advised to use strong passwords, update software regularly, and implement security measures like firewalls.

External references