MELEE: A Tool to Detect Ransomware Infections in MySQL Instances

Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale to exfiltrate data, destruct data, and extort money via ransom. For example one of the significant threats MySQL deployments face is ransomware. We have authored a tool named "MELEE" to detect potential infections in MySQL instances. The tool allows security researchers, penetration testers, and threat intelligence experts to detect compromised and infected MySQL instances running malicious code. The tool also enables you to conduct efficient research in the field of malware targeting cloud databases. In this release of the tool, the following modules are supported:

• MySQL instance information gathering and reconnaissance
• MySQL instance exposure to the Internet
• MySQL access permissions for assessing remote command execution
• MySQL user enumeration
• MySQL ransomware infections
• Basic assessment checks for detecting ransomware infections
• Extensive assessment checks for extracting insidious details about potential ransomware infections
• MySQL ransomware detection and scanning for both unauthenticated and authenticated deployments

Tool Usage