Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 43.249.195.227 (Previously Malicious)

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role: Attacker, Scanner

Services Targeted: MYSQL

Tags: Access Suspicious Domain, Create Mysql Function, 100+ Sql Commands, MYSQL, Malicious Mysql Command, Download File, DNS Query, Service Stop, Download and Execute, Outgoing Connection

Associated Attack Servers: 119.188.242.201

Basic Information

IP Address: 43.249.195.227

Domain: -

ISP: China Unicom Liaoning

Country: China

WHOIS

Created Date: -

Updated Date: -

Organization: -

First seen in Akamai Guardicore Segmentation: 2020-06-06

Last seen in Akamai Guardicore Segmentation: 2020-07-03

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects an organization's core assets using flexible, quickly deployed and easy-to-understand micro-segmentation controls. It generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

Each step below is listed with the tag the sensor assigned to it.

1. Malicious Mysql Command: Malicious MySQL commands were executed: DROP FUNCTION, DUMPFILE, INSERT INTO and UPDATE

2. Download File: /usr/local/mysql/dYkkj4.so was downloaded

3. Create Mysql Function: The MySQL user-defined function (UDF) sys_eval, implemented in /usr/local/mysql/lib/plugin/dYkkj4.so, was created

4. Download and Execute: The file /usr/local/mysql/lib/plugin/dYkkj4.so was downloaded and loaded by /usr/local/mysql/bin/mysqld 2 times

5. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) mylab_sys_exec implemented in /usr/local/mysql/lib/plugin/mylab_sys_exec.so

6. Service Stop: The iptables service was stopped 5 times

7. Download and Execute: The file /usr/local/mysql/data/wget was downloaded and executed 10 times

8. DNS Query, Access Suspicious Domain: Process /usr/local/mysql/data/wget attempted to access the suspicious domain game918.me 5 times

9. Outgoing Connection: Process /usr/local/mysql/data/wget generated outgoing network traffic to 119.188.242.201:6688 5 times

10. Download File: /usr/local/mysql/lib/plugin/RkaThE.so was downloaded

11. Download File: /usr/local/mysql/lib/plugin/BDiNbr.so was downloaded

12. Download File: /usr/local/mysql/lib/plugin/wFtiBY.so was downloaded

13. Download File: /usr/local/mysql/BDiNbr.so was downloaded

14. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) sys_eval implemented in /usr/local/mysql/lib/plugin/BDiNbr.so

15. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) mylab_sys_exec implemented in /usr/local/mysql/lib/plugin/mylab_sys_exec.so

16. Download File: /usr/local/mysql/lib/plugin/L1oQgl.so was downloaded

17. Download File: /usr/local/mysql/L1oQgl.so was downloaded

18. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) sys_eval implemented in /usr/local/mysql/lib/plugin/L1oQgl.so

19. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) mylab_sys_exec implemented in /usr/local/mysql/lib/plugin/mylab_sys_exec.so

20. Download File: /usr/local/mysql/RkaThE.so was downloaded

21. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) sys_eval implemented in /usr/local/mysql/lib/plugin/RkaThE.so

22. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) mylab_sys_exec implemented in /usr/local/mysql/lib/plugin/mylab_sys_exec.so

23. Download File: /usr/local/mysql/wFtiBY.so was downloaded

24. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) sys_eval implemented in /usr/local/mysql/lib/plugin/wFtiBY.so

25. Create Mysql Function: An attempt was made to create the MySQL user-defined function (UDF) mylab_sys_exec implemented in /usr/local/mysql/lib/plugin/mylab_sys_exec.so

26. The connection was closed due to timeout