Kiraibot

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
KiraiBot is a recent and active malware, identified as part of the Mirai botnet variant family in September 2023 by NSFOCUS's global threat hunting system. It is one of several new botnet variants developed based on the Mirai source code, alongside hailBot and catDDoS. However, kiraiBot is unique in its design, incorporating personal elements that differentiate it from traditional Mirai class botnets. This significant change in code structure has allowed kiraiBot to accelerate its spread and become widely deployed, thereby posing a considerable threat to digital security. The propagation mode of kiraiBot is primarily through breaching port 23 via weak password scanning. The string "kirai" appears in the scan traffic of the botnet, with the report server set up similarly to Mirai to receive breach results. Furthermore, kiraiBot implements persistence by setting a self-starting script under the /etc/init.d/ directory, ensuring its continued operation even after system reboots. In terms of its functionality, kiraiBot supports various attack methods, as shown in the instructions it issues. It also uses a go-live data packet for communication and has designated storage sites for its propagation scripts. Given its rapid proliferation and the potential damage it can cause, ongoing monitoring and robust countermeasures are necessary to mitigate the threats posed by kiraiBot and similar botnet variants.
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Mirai
1
Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CatddosUnspecified
1
CatDDoS, a variant of the Mirai distributed denial-of-service (DDoS) botnet, is a potent malware threat that has been compromising more than 300 targets daily in its latest wave of attacks. The malware infects systems through suspicious downloads, emails, or websites and can disrupt operations, stea
Mirai BotnetUnspecified
1
The Mirai botnet is a type of malware, malicious software designed to exploit and harm computer systems. It spreads by exploiting vulnerabilities in different systems, most notably through Ivanti Connect Secure bugs and the JAWS Webserver. Once inside a system, it can steal personal information, dis
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Kiraibot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
10 months ago
Mirai Botnet’s New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught