New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware [Wednesday, January 10, 2024]

Description:
The Securonix Threat Research team has been monitoring an ongoing threat campaign, RE#TURGENCE, which involves the targeting and exploitation of MSSQL database servers to gain initial access. The threat actors appear to be targeting US, EU and LATAM countries and are financially motivated.

Published: 2024-01-10 10:01:43
Created: 2024-01-10 10:01:43
Modified: 2024-01-10 10:23:40

Indicators

IPv4s :
  • 45.148.121.87
  • 88.214.26.3
URLs :
  • http://88.214.26.3:25823/MSjku
Domains :
  • seruvadessigen.3utilities.com
Hashes :
About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
