64.89.163.89 has a threat confidence score of 100%. This IP address from the United Kingdom (AS401626, Netiface America, Inc.) has been observed in 4,315 honeypot sessions and reported 5 times for activity targeting the MYSQL protocol. Detected attack patterns include mysql pre extortion valuation and ransom drop, mysql ransom extortion workflow, mysql targeted database destruction and 1 more. First observed on February 10, 2026, most recently active March 17, 2026.
Performs a structured MySQL extortion workflow that first disables autocommit and calculates database size via information_schema to assess data value, then enumerates tables, creates a ransom table, inserts explicit extortion messages with payment instructions, and commits the transaction—clearly indicating intentional database extortion following valuation.
Performs a coordinated sequence of MySQL actions to create and select a ransom-themed database and table, insert extortion markers, and explicitly manage transactions, clearly signaling database compromise and intent to extort the owner.
Explicitly disables autocommit, then deliberately drops multiple named databases and commits the transaction, indicating intentional and controlled destructive activity against specific MySQL databases rather than reconnaissance or misconfiguration. Note that DROP DATABASE is one of the MySQL statements that cause an implicit commit, so the autocommit toggle does not make the drops reversible; the trailing COMMIT is a scripted habit of the tooling, not what makes the deletion take effect.
A transactional sequence where autocommit is disabled, the MySQL SHUTDOWN command is issued, and the transaction is committed. This pattern represents an authenticated user intentionally terminating the MySQL server process, resulting in immediate database service disruption or denial of service.
A transactional sequence where autocommit is disabled, database privileges (INSERT, DELETE, CREATE, DROP) are revoked from a user on a target database, privilege tables are flushed, and the transaction is committed. This pattern indicates deliberate modification of MySQL access control, potentially used to restrict or alter another account’s capabilities after gaining database access.
Disables MySQL autocommit mode without performing any follow-up actions, indicating an initial transaction manipulation probe or a failed/aborted attempt to prepare multi-step database operations. Often seen in low-confidence automation or disrupted attack flows.
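The six descriptions above are, in effect, sequence signatures over the statements a client sends in one MySQL session. The following is an added example (not code from the page or from the intelligence vendor) of how a honeypot or general-log analyser could turn them into a classifier. The sample sessions are constructed, not captured traffic; the three pattern labels the page does not name (server shutdown, privilege revocation, autocommit probe) and the ransom-keyword list are assumptions of this example.

```python
import re

# Constructed sample sessions (not real honeypot captures). Each value is the
# ordered list of statements one client sent on a single MySQL connection.
SESSIONS = {
    "valuation_then_ransom": [
        "SET autocommit=0;",
        "SELECT SUM(data_length + index_length) FROM information_schema.tables;",
        "SHOW TABLES;",
        "CREATE TABLE readme_to_recover (message TEXT);",
        "INSERT INTO readme_to_recover VALUES ('Your databases were downloaded. Pay to recover.');",
        "COMMIT;",
    ],
    "ransom_db_workflow": [
        "SET autocommit=0;",
        "CREATE DATABASE ransom;",
        "USE ransom;",
        "CREATE TABLE readme (note TEXT);",
        "INSERT INTO readme VALUES ('All data backed up and deleted. Contact us to recover.');",
        "COMMIT;",
    ],
    "drop_databases": ["SET autocommit=0;", "DROP DATABASE shop;", "DROP DATABASE `crm`;", "COMMIT;"],
    "shutdown": ["SET autocommit=0;", "SHUTDOWN;", "COMMIT;"],
    "revoke": [
        "SET autocommit=0;",
        "REVOKE INSERT, DELETE, CREATE, DROP ON shop.* FROM 'app'@'%';",
        "FLUSH PRIVILEGES;",
        "COMMIT;",
    ],
    "probe_only": ["SET autocommit=0;"],
    # An ordinary reporting transaction: must not match any pattern.
    "benign_report": [
        "SET autocommit=0;",
        "SELECT id, total FROM orders WHERE created_at > NOW() - INTERVAL 1 DAY;",
        "COMMIT;",
    ],
}


def normalize(stmt):
    """Collapse whitespace, drop the trailing semicolon, uppercase for keyword matching."""
    return re.sub(r"\s+", " ", stmt.strip().rstrip(";")).strip().upper()


# Each feature is a predicate over one normalized statement. The ransom keyword
# list is a heuristic assumed for this example; tune it against your own captures.
FEATURES = {
    "autocommit_off": lambda s: bool(re.match(r"SET (SESSION )?AUTOCOMMIT ?= ?(0|OFF|FALSE)$", s)),
    "commit": lambda s: s == "COMMIT",
    "valuation": lambda s: "INFORMATION_SCHEMA" in s and ("DATA_LENGTH" in s or "INDEX_LENGTH" in s),
    "create_db": lambda s: bool(re.match(r"CREATE (DATABASE|SCHEMA) ", s)),
    "create_table": lambda s: s.startswith("CREATE TABLE"),
    "ransom_insert": lambda s: s.startswith("INSERT")
    and bool(re.search(r"\b(RANSOM|RECOVER|PAY|BITCOIN|BTC|EXTORT)\b", s)),
    "drop_db": lambda s: bool(re.match(r"DROP (DATABASE|SCHEMA) ", s)),
    "shutdown": lambda s: s.startswith("SHUTDOWN"),
    "revoke": lambda s: s.startswith("REVOKE "),
    "flush_privileges": lambda s: s.startswith("FLUSH PRIVILEGES"),
}

DROP_RE = re.compile(r"DROP\s+(?:DATABASE|SCHEMA)\s+(?:IF\s+EXISTS\s+)?`?([A-Za-z0-9_$]+)`?", re.IGNORECASE)


def drop_targets(statements):
    """Names of the databases a session tried to drop, in order."""
    return [m.group(1) for s in statements for m in [DROP_RE.search(s)] if m]


def classify(statements):
    """Map one session's statement list to a pattern label (None if nothing matched)."""
    norm = [normalize(s) for s in statements]
    hits = {name: any(pred(s) for s in norm) for name, pred in FEATURES.items()}
    result = {"pattern": None, "committed": hits["commit"], "targets": drop_targets(statements)}
    if not hits["autocommit_off"]:
        return result  # every pattern on the page starts by disabling autocommit
    ransom_drop = hits["create_table"] and hits["ransom_insert"]
    if hits["valuation"] and ransom_drop:
        result["pattern"] = "pre_extortion_valuation_and_ransom_drop"
    elif ransom_drop:  # with or without a freshly created ransom database
        result["pattern"] = "ransom_extortion_workflow"
    elif hits["drop_db"]:
        result["pattern"] = "targeted_database_destruction"
    elif hits["shutdown"]:
        result["pattern"] = "server_shutdown"
    elif hits["revoke"] and hits["flush_privileges"]:
        result["pattern"] = "privilege_revocation"
    elif len(norm) == 1:
        result["pattern"] = "autocommit_probe"
    return result


def scan(sessions):
    """Classify every session; handy for batch runs over a honeypot export."""
    return {name: classify(stmts)["pattern"] for name, stmts in sessions.items()}


if __name__ == "__main__":
    for name, pattern in scan(SESSIONS).items():
        print(f"{name:24s} -> {pattern}")
```

Feeding this a real MySQL general log requires splitting the lines per connection (thread id) first, since the signatures are per-session sequences. Also keep in mind when reading the `committed` flag that DROP DATABASE, CREATE TABLE, REVOKE and FLUSH all cause an implicit commit in MySQL, so the trailing COMMIT in the destructive and privilege-change sessions is cosmetic; it is a useful tooling fingerprint, not evidence that the attacker needed it.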
| Reporter | Date | Category | Protocol | Comment |
|---|---|---|---|---|
| User | Mar 15, 2026, 15:33 | Brute Force | MYSQL | SikkerGuard: 2 blocked packets |
| User | Mar 14, 2026, 20:16 | Brute Force | MYSQL | SikkerGuard: 2 blocked packets |
| User | Mar 9, 2026, 20:34 | Brute Force | MYSQL | SikkerGuard: 2 blocked packets |
| User | Mar 7, 2026, 20:42 | Brute Force | MYSQL | SikkerGuard: 2 blocked packets |
| User | Mar 6, 2026, 22:12 | Brute Force | MYSQL | SikkerGuard: 2 blocked packets |