 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: SQLRAT| Names | SQLRAT | |
| Category | Malware | |
| Type | Backdoor, Loader | |
| Description | (Flashpoint) The SQLRat script is designed to make a direct SQL connection to a Microsoft database controlled by the attackers and execute the contents of various tables. The script retrieves an item from the bindata table and writes the file to disk. This file appears to primarily be a version of TinyMet—an open source Meterpreter stager—but the actors have the option to store and execute any binary loaded into the table. | |
| Information | <https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0390/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/js.sqlrat> | |
Last change to this tool card: 23 April 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Carbanak, Anunak |  | 2013-Apr 2023 |  | ||
 | FIN7 |  | 2013-Late 2023 | | |
2 groups listed (2 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |