Scion Spider
United States
Japan
Afghanistan
Albania
Angola
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Belarus
Belgium
Bolivia
Bosnia/Herzegovina
Botswana
Brazil
Brunei Darussalam
Bulgaria
Cambodia
Canada
Cape Verde
Cayman Islands
Chile
China
Colombia
Congo
Costa Rica
Côte D'Ivoire
Croatia
Cyprus
Czech Republic
Denmark
Dominican Republic
Ecuador
Egypt
El Salvador
Estonia
Ethiopia
Fiji
Finland
France
Georgia
Germany
Ghana
Greece
Greenland
Guatemala
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Israel
Italy
Jamaica
Jordan
Kazakhstan
Kenya
Kuwait
Kyrgyzstan
Latvia
Lebanon
Liberia
Libyan Arab Jamahiriya
Liechtenstein
Lithuania
Luxembourg
Macao
Macedonia
Madagascar
Malaysia
Malta
Mauritius
Mexico
Moldova
Monaco
Mongolia
Montenegro
Morocco
Mozambique
Myanmar
Namibia
Nepal
Netherlands
New Zealand
Nicaragua
Nigeria
Norway
Oman
Pakistan
Palestine
Panama
Paraguay
Peru
Philippines
Poland
Portugal
Puerto Rico
Qatar
Romania
Russian Federation
Saudi Arabia
Senegal
Serbia
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sri Lanka
Sweden
Switzerland
Syrian Arab Republic
Taiwan
Tajikistan
Tanzania
Thailand
Timor-Leste
Tokelau
Tunisia
Turkey
Turkmenistan
Uganda
Ukraine
United Arab Emirates
United Kingdom
Uruguay
Uzbekistan
Venezuela
Vietnam
Yemen
Zambia
Scion Spider
Details
SCION SPIDER is a Ransomware-as-a-Service (RaaS) affiliate that achieves initial access by compromising servers running Microsoft SQL Server. The adversary typically leverages the built-in SQL extended procedure xp_cmdshell to run shell commands. SCION SPIDER uses either PowerShell (PS) commands directly or the Microsoft SQL Server-native sqlps utility to run PS commands for downloading payloads a...
Objective
- YjKmNV1qeUwxGr2
Motivation
- efoFkIwC
Contact our team about
IOCs for this adversary
?
