Q1 2026 Malware Statistics Report for Windows Database Servers
ID: bf9e56f9-980a-5539-8f3e-a73a49044d33
STIX ID: report--bf9e56f9-980a-5539-8f3e-a73a49044d33
Feed Name: ASEC
Threat Score
Q1 2026 ASD logs indicate sustained attacks against MS-SQL and MySQL servers. The attackers, attributed to Larva-26002, used brute-force and dictionary attacks and BCP-based exploitation of mismanaged or unpatched accounts to install an ICE Cloud scanner written in Go. The report includes MD5 hashes and a delivery URL as IoCs, and recommends stronger password practices, timely patching, and network access controls to reduce exposure.
