IP Address: 112.25.154.226Previously Malicious
IP Address: 112.25.154.226Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
MYSQL |
|
Tags |
100+ Sql Commands MYSQL Download File Download and Execute Create Mysql Function Create Mysql Table Malicious Mysql Command Drop Mysql Table Download and Allow Execution |
|
Associated Attack Servers |
|
IP Address |
112.25.154.226 |
|
|
Domain |
- |
|
|
ISP |
China Mobile Guangdong |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-03-19 |
|
Last seen in Akamai Guardicore Segmentation |
2020-04-26 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
MySQL tables were dropped: mysql.yongger2 |
Drop Mysql Table |
|
MySQL tables were created: mysql.cbmglf32, mysql.disxsb, mysql.fuigco, mysql.jvqohm32, mysql.khawuk, mysql.kqekbr32, mysql.nefmkn and mysql.yongger2 |
Create Mysql Table |
|
Malicious MySQL commands were executed: DROP FUNCTION, DUMPFILE, INSERT INTO and UPDATE |
Malicious Mysql Command |
|
/usr/local/mysql/data/mysql/\usr\local\mysql\lib\plugin\\cna12.dll was downloaded |
Download File |
|
/usr/local/mysql/data/mysql/..\bin\cna12.dll was downloaded |
Download File |
|
An attempt to create MySQL user-defined function (UDF) xpdl3 implemented in /usr/local/mysql/lib/plugin/cna12.dll 4 times |
Create Mysql Function |
|
//usr/local/mysql/lib/plugin/disxsb was downloaded |
Download File |
|
//usr/local/mysql/lib/plugin/nefmkn was downloaded |
Download File |
|
//usr/local/mysql/lib/plugin/kqekbr32.so was downloaded |
Download File |
|
MySQL user-defined function (UDF) lib_mysqludf_sys_info implemented in /usr/local/mysql/lib/plugin/kqekbr32.so was created |
Create Mysql Function |
|
The file /usr/local/mysql/lib/plugin/kqekbr32.so was downloaded and loaded by /usr/local/mysql/bin/mysqld 2 times |
Download and Execute |
|
//usr/local/mysql/lib/plugin/cbmglf32.so was downloaded |
Download File |
|
MySQL user-defined function (UDF) sys_get implemented in /usr/local/mysql/lib/plugin/kqekbr32.so was created |
Create Mysql Function |
|
MySQL user-defined function (UDF) sys_set implemented in /usr/local/mysql/lib/plugin/kqekbr32.so was created |
Create Mysql Function |
|
//usr/local/mysql/lib/plugin/fuigco was downloaded |
Download File |
|
MySQL user-defined function (UDF) sys_exec implemented in /usr/local/mysql/lib/plugin/kqekbr32.so was created |
Create Mysql Function |
|
MySQL user-defined function (UDF) sys_eval implemented in /usr/local/mysql/lib/plugin/kqekbr32.so was created |
Create Mysql Function |
|
The file /usr/local/mysql/lib/plugin/disxsb was downloaded and granted execution privileges |
Download and Allow Execution |
|
//usr/local/mysql/lib/plugin/khawuk was downloaded |
Download File |
|
An attempt to create MySQL user-defined function (UDF) lib_mysqludf_sys_info implemented in /usr/local/mysql/lib/plugin/cbmglf32.so 9 times |
Create Mysql Function |
|
//usr/local/mysql/lib/plugin/jvqohm32.so was downloaded |
Download File |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies