Statistics Report on Malware Targeting Windows Database Servers in Q2 2025

Aug. 10, 2025, 9:37 p.m.

Description

The analysis team has categorized attacks on MS-SQL and MySQL servers installed on Windows systems during Q2 2025. While the number of targeted systems remains stable, attacks on MS-SQL servers have been decreasing. MySQL servers saw a significant spike in attacks in June 2025. The report provides detailed statistics on attack trends, including graphs illustrating the attack status for both server types. It also includes a list of MD5 hashes, URLs, FQDNs, and IP addresses associated with the malicious activities. The analysis covers various types of malware and tools used in these attacks, ranging from backdoors and miners to ransomware and remote access trojans.

External References

https://asec.ahnlab.com/en/88920
https://otx.alienvault.com/pulse/68962f0d3f4895c81350d372
Tags
windows
coinminer
anydesk
remcos
gh0strat
cobaltstrike
netcat
mysql
database
ms-sql
2025-08-08
juicypotato
hploader
shadowforce
server security
q2 2025
ahnlab smart defense
clrshell
mykings
attack statistics
loveminer

Date

  • Created: Aug. 8, 2025, 5:08 p.m.
  • Published: Aug. 8, 2025, 5:08 p.m.
  • Modified: Aug. 10, 2025, 9:37 p.m.

Indicators

  • fb7b3b5fa40d52639a0932c474cab05f1394e35c55a29a3238c9641344e79230
  • 3389a0a7e2f8bee5fe7b4a9d8e45d75c6e3b75af5cec244ebdfb36699d29d89d
  • 046c011bbf14fa5d187bd4d5ac2a7cf1317f103ae2ba46769a451add5735c8e8
  • 39.108.132.22
  • 154.222.24.186
  • 103.101.178.170
  • 154.204.177.54
  • star.zcnet.net
  • yyinfo8999.fit
Download all indicators here!

Attack Patterns