MySQL is currently open without authentication.
Additionally, a ransom note has been found in the dataset, which indicates it has been compromised.
This results in all the database data being made publicly available.
Severity: critical
Fingerprint: cf350410ecceb5fd358b1f7b191c27764bd934d2f4f8b5e0a2cd1414d9b03275
Databases: 25, row count: 2057, size: 587.0 kB
Found table mysql.columns_priv with 0 records
Found table mysql.db with 4 records
Found table mysql.event with 0 records
Found table mysql.func with 0 records
Found table mysql.general_log with 2 records
Found table mysql.help_category with 38 records
Found table mysql.help_keyword with 465 records
Found table mysql.help_relation with 1029 records
Found table mysql.help_topic with 508 records
Found table mysql.host with 0 records
Found table mysql.ndb_binlog_index with 0 records
Found table mysql.plugin with 0 records
Found table mysql.proc with 0 records
Found table mysql.procs_priv with 0 records
Found table mysql.proxies_priv with 1 records
Found table mysql.servers with 0 records
Found table mysql.slow_log with 2 records
Found table mysql.tables_priv with 0 records
Found table mysql.time_zone with 0 records
Found table mysql.time_zone_leap_second with 0 records
Found table mysql.time_zone_name with 0 records
Found table mysql.time_zone_transition with 0 records
Found table mysql.time_zone_transition_type with 0 records
Found table mysql.user with 6 records
Found table readme_to_recover_a.recover_your_data with 2 records
Open service 80.227.127.237:3306
2024-05-25 18:45
MySQL detected
Open service 80.227.127.237:445
2024-05-23 04:06
SMB NTLMSSP handshake results:
Found Windows 10.0 build 17763
NbComputerName: K2293548
NbDomainName: K2293548
DNSComputerName: K2293548
DNSDomainName: K2293548