Miori

Miori is a variant of the notorious Mirai malware, which shares similar modules with it. Like other types of malware, Miori is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once it has infected a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. In recent times, researchers at Fortinet have observed multiple attacks over the past month that exploit a particular vulnerability (CVE-2023-1389), including botnets such as Moobot, Miori, AGoent, a Gafgyt variant, and an unnamed variant of the infamous Mirai botnet. These attacks indicate a widespread and coordinated effort by malicious actors to compromise systems on a large scale. The commonality among these attacks is their focus on exploiting this specific vulnerability, highlighting the need for robust cybersecurity measures to counteract such threats. Upon execution, Miori exhibits unique behaviors that distinguish it from other malware. It displays a message stating "your device just got infected to a bootnoot" in the console and sends \x00\x00 to its command-and-control (C2) server "rooty[.]cc" on TCP port 33335. This behavior, along with its shared attack methodologies with other Mirai derivations, makes Miori a persistent and significant threat in the cybersecurity landscape.