Scion Spider

Details

SCION SPIDER is a Ransomware-as-a-Service (RaaS) affiliate that achieves initial access by compromising servers running Microsoft SQL Server. The adversary typically leverages the built-in SQL extended procedure xp_cmdshell to run shell commands. SCION SPIDER uses either PowerShell (PS) commands directly or the Microsoft SQL Server-native sqlps utility to run PS commands for downloading payloads a...

Objective

  • YjKmNV1qeUwxGr2

Motivation

  • efoFkIwC

Contact our team about
IOCs for this adversary

?

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.