IP Address:

Weekly Summary

Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network

Top Threats

Cyber Threat Intelligence

Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed

IP Address:​

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information



Services Targeted



DNS Query Malicious Mysql Command Download File Service Stop Outgoing Connection MYSQL Download and Execute Create Mysql Function 55 Sql Commands Access Suspicious Domain

Connect Back Servers

game918.me octans.us

Basic Information

IP Address




FranTech Solutions




Created Date


Updated Date




First seen in Guardicore Centra


Last seen in Guardicore Centra


What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

Malicious MySQL commands were executed: DROP FUNCTION, DUMPFILE, INSERT INTO and UPDATE

Malicious Mysql Command

/usr/local/mysql/rp6jH9.so was downloaded

Download File

MySQL user-defined function (UDF) sys_eval implemented in /usr/local/mysql/lib/plugin/rp6jH9.so was created

Create Mysql Function

The file /usr/local/mysql/lib/plugin/rp6jH9.so was downloaded and loaded by /usr/local/mysql/bin/mysqld 2 times

Download and Execute

An attempt to create MySQL user-defined function (UDF) mylab_sys_exec implemented in /usr/local/mysql/lib/plugin/mylab_sys_exec.so

Create Mysql Function

Service iptables was stopped

Service Stop

Process /usr/local/mysql/data/wget attempted to access suspicious domains: game918.me

DNS Query Access Suspicious Domain

The file /usr/local/mysql/data/wget was downloaded and executed 2 times

Download and Execute

Process /usr/local/mysql/data/wget generated outgoing network traffic to:

Outgoing Connection

Process /usr/local/mysql/data/wget attempted to access suspicious domains: octans.us

Access Suspicious Domain Outgoing Connection

Connection was closed due to user inactivity

Associated Files


SHA256: c071278f921475bc6f252b10b771dda4948596ef6d81b689bd936a2a9058b5cc

8040 bytes

Oops! - Do you see your IP here? Contact us at labs@guardicore.com to remove it from the Threat Intelligence data.

IP Address:​Malicious