Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 218.108.52.67Previously Malicious

IP Address: 218.108.52.67Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

MYSQL

Tags

100+ Sql Commands Drop Mysql Table Download File Create Mysql Table Create Mysql Function Executable File Modification MYSQL Malicious Mysql Command

Associated Attack Servers

-

Basic Information

IP Address

218.108.52.67

Domain

-

ISP

Huashu media&Network Limited

Country

China

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2019-09-22

Last seen in Akamai Guardicore Segmentation

2020-04-13

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

MySQL tables were dropped: mysql.tempMix4 and mysql.yongger2

Drop Mysql Table

MySQL tables were created: mysql.tempMix4, mysql.temp_mix, mysql.testshell, mysql.yongger2 and mysql.yongger3

Create Mysql Table

Malicious MySQL commands were executed: DROP FUNCTION, DUMPFILE, INSERT INTO and UPDATE

Malicious Mysql Command

Executable file /usr/local/mysql/data/mysql/\usr\local\mysql\lib\plugin\\cna12.dll was modified 4 times

Executable File Modification

/usr/local/mysql/data/mysql/\usr\local\mysql\lib\plugin\\cna12.dll was downloaded

Download File

/usr/local/mysql/data/mysql/..\bin\cna12.dll was downloaded

Download File

An attempt to create MySQL user-defined function (UDF) xpdl3 implemented in /usr/local/mysql/lib/plugin/cna12.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) xpdl3 implemented in /usr/local/mysql/lib/plugin/udf.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/udf32.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/udf33.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/udf32.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/udf33.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xijin.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xijin.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xijin1.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xijin1.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) shell implemented in /usr/local/mysql/lib/plugin/udf.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshelv implemented in /usr/local/mysql/lib/plugin/udf.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/boom.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/boom.dll

Create Mysql Function

An attempt to drop the MySQL tables: mysql.yongger3

Drop Mysql Table

/usr/local/mysql/data/mysql/..\bin\nusql.dll was downloaded

Download File

Executable file /usr/local/mysql/data/mysql/\usr\local\mysql\lib\plugin\\nusql.dll was modified 4 times

Executable File Modification

/usr/local/mysql/data/mysql/\usr\local\mysql\lib\plugin\\nusql.dll was downloaded

Download File

Executable file /usr/local/mysql/data/mysql/\usr\local\mysql\bin\\nusql.dll was modified 4 times

Executable File Modification

/usr/local/mysql/data/mysql/\usr\local\mysql\bin\\nusql.dll was downloaded

Download File

An attempt to create MySQL user-defined function (UDF) xpdl3 implemented in /usr/local/mysql/lib/plugin/nusql.dll

Create Mysql Function

/usr/local/mysql/data/mysql/D:\Program Files\MySQL\MySQL Server 5.1\lib::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/mysql/E:\Program Files\MySQL\MySQL Server 5.1\lib::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/mysql/F:\Program Files\MySQL\MySQL Server 5.1\lib::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/mysql/C:\Program Files\MySQL\MySQL Server 5.1\lib\plugin::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/mysql/D:\Program Files\MySQL\MySQL Server 5.1\lib\plugin::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/mysql/E:\Program Files\MySQL\MySQL Server 5.1\lib\plugin::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/mysql/F:\Program Files\MySQL\MySQL Server 5.1\lib\plugin::$INDEX_ALLOCATION was downloaded

Download File

/usr/local/mysql/data/c:\winshell.exe was downloaded

Download File

An attempt to create MySQL user-defined function (UDF) xpdl3 implemented in /usr/local/mysql/lib/plugin/udf.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/udf32.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/udf33.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/udf32.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/udf33.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xsa.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xijin.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xijin.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/xijin1.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/xijin1.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) shell implemented in /usr/local/mysql/lib/plugin/udf.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshelv implemented in /usr/local/mysql/lib/plugin/udf.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) cmdshell implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

An attempt to create MySQL user-defined function (UDF) downloader implemented in /usr/local/mysql/lib/plugin/lib_mysqludf_sys.dll

Create Mysql Function

Connection was closed due to user inactivity