Miori

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

Miori is a variant of the notorious Mirai malware, which shares similar modules with it. Like other types of malware, Miori is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once it has infected a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. In recent times, researchers at Fortinet have observed multiple attacks over the past month that exploit a particular vulnerability (CVE-2023-1389), including botnets such as Moobot, Miori, AGoent, a Gafgyt variant, and an unnamed variant of the infamous Mirai botnet. These attacks indicate a widespread and coordinated effort by malicious actors to compromise systems on a large scale. The commonality among these attacks is their focus on exploiting this specific vulnerability, highlighting the need for robust cybersecurity measures to counteract such threats. Upon execution, Miori exhibits unique behaviors that distinguish it from other malware. It displays a message stating "your device just got infected to a bootnoot" in the console and sends \x00\x00 to its command-and-control (C2) server "rooty[.]cc" on TCP port 33335. This behavior, along with its shared attack methodologies with other Mirai derivations, makes Miori a persistent and significant threat in the cybersecurity landscape.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Mirai	3	Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g
Mirai Botnet	1	The Mirai botnet is a type of malware, malicious software designed to exploit and harm computer systems. It spreads by exploiting vulnerabilities in different systems, most notably through Ivanti Connect Secure bugs and the JAWS Webserver. Once inside a system, it can steal personal information, dis

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Agoent	Unspecified	1	AGoent is a sophisticated malware, a malicious software designed to exploit and damage computer systems. This Golang-based agent bot has been observed in multiple attacks, exploiting a year-old vulnerability to launch various nefarious activities. It operates by fetching the script file "exec.sh" fr
Gafgyt Variant	Unspecified	1	The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2023-1389	Unspecified	1	CVE-2023-1389 is a significant software vulnerability, specifically a command injection flaw, found in TP-Link Archer AX21 routers. The flaw was publicly released in March of this year and has since been exploited by malicious actors to gain unauthorized access to devices. Attack traffic through the

Source Document References

Information about the Miori Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
Fortinet	3 months ago	Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread \| FortiGuard Labs
BankInfoSecurity	3 months ago	Exploited TP-Link Vulnerability Spawns Botnet Threats