Mirai

Malware updated 2 hours ago (2024-11-21T11:31:28.048Z)
Mirai is a malware family that targets Internet of Things (IoT) devices; it was responsible for over 7 million botnet detections in early 2022. The malware infiltrates systems, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. A variety of threat actors have been quick to exploit flaws in various companies' products in their campaigns: one campaign, dubbed IZ1H9, targeted IoT networks, and another involving a Mirai variant hit Danish critical infrastructure. An HTTP User-Agent string of "Hello World" has been observed as an initial step in Mirai infections, preceding the download of further malicious artifacts. The Mirai botnet has been modified by various individuals and groups, producing new variants with different capabilities. An individual known as IntelSecrets claimed responsibility for modifying the Mirai source code to create a variant known as "Satori," which was used for criminal gain. Another variant, GorillaBot, based on Mirai code, packs more DDoS attack methods (19 in all) and leaves a signature message stating 'gorilla botnet is on the device ur not a cat go away [sic].' Researchers at NSFocus observed the threat actor behind GorillaBot launch a massive wave of attacks between Sept. 4 and Sept. 27. Since the second half of 2022, another Mirai variant, V3G4, has targeted IoT devices by exploiting numerous flaws, including CVE-2020-15415. From March 2023, Unit 42 researchers observed a further Mirai variant spreading by targeting vulnerabilities in D-Link, Zyxel, and Netgear devices, including CVE-2023-25280. The primary implant of that botnet, named Nosedive, is a custom Mirai variant designed to target devices with known vulnerabilities.
Description last updated: 2024-11-21T10:31:58.914Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias (votes): Description

Nosedive (2): Nosedive is a possible alias for Mirai. Nosedive is a potent malware, a type of malicious software designed to exploit and damage computer systems without the user's knowledge. It is a custom variant of the Mirai malware, primarily targeting devices with known vulnerabilities. Nosedive has been specifically engineered to infiltrate variou...

Gorillabot (2): Gorillabot is a possible alias for Mirai. GorillaBot, a new variant of the infamous Mirai malware family, has caused significant disruptions with a sharp surge in Distributed Denial-of-Service (DDoS) attacks over the past month. From September 4 to September 27, the malicious software launched approximately 300,000 attacks impacting around...

Iz1h9 (2): Iz1h9 is a possible alias for Mirai.

Satori (2): Satori is a possible alias for Mirai. Satori is a variant of the Mirai "Internet of Things" botnet malware, created by an individual known as IntelSecrets. This person modified the source code of Mirai to produce Satori, which was then supplied to others for illicit activities. The operators who used Satori were eventually apprehended a...
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Malware
Ddos
Exploit
Linux
Vulnerability
Exploits
Bot
Payload
Trojan
Ransomware
Encryption
Zero Day
Fortiguard
Akamai
exploitation
SSH
flaw
Cybercrime
Cryptominer
Github
Source
exploited
Ddos Botnet
Worm
Curl
Minecraft
Implant
Denial of Se...
Fortinet
Credentials
DNS
RCE (Remote ...
Phishing
Backdoor
Zyxel
Ics
Encrypt
Apache
Reddit
t1583.005
Downloader
JavaScript
Tp
Associated Malware
Alias (association type; votes): Description

Mirai Botnet (Unspecified; 13): The Mirai Botnet Malware is associated with Mirai. The Mirai botnet, a type of malware, is known for its ability to exploit vulnerabilities in various devices and systems. Mirai operates by infecting systems without the user's knowledge, often through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt...

Gafgyt (is related to; 8): The Gafgyt Malware is associated with Mirai. Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry,...

Moobot (is related to; 6): The Moobot Malware is associated with Mirai. Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat...

Condi (is related to; 5): The Condi Malware is associated with Mirai. The Condi botnet, a form of malware, has been identified as a significant threat to unpatched TP-Link devices. The malware is recognized by the string "condi" and upon execution, sends numerous DNS queries to "trcpay[.]xyz." The botnet first attempts to resolve the Command and Control (C2) server ad...

Mozi (Unspecified; 5): The Mozi Malware is associated with Mirai. Mozi, a malicious software (malware), has been a significant force in the cyber threat landscape. This malware, known for exploiting outdated and vulnerable Internet of Things (IoT) devices, was responsible for 74% of all IoT attacks in 2021. The Mozi botnet, infamous for hijacking hundreds of thous...

Jenx (is related to; 3): The Jenx Malware is associated with Mirai. JenX is a variant of the infamous Mirai malware, first discovered in January 2018. It was primarily used by the group responsible for the InfectedSlurs botnet, which remains unidentified. This malware strain is known for exploiting hosting services running multiplayer versions of Grand Theft Auto to...

Kinsing (Unspecified; 3): The Kinsing Malware is associated with Mirai. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa...

Miori (is related to; 3): The Miori Malware is associated with Mirai. Miori is a variant of the notorious Mirai malware, which shares similar modules with it. Like other types of malware, Miori is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once it has infected a system, it can steal perso...

Catddos (is related to; 3): The Catddos Malware is associated with Mirai. CatDDoS, a variant of the Mirai distributed denial-of-service (DDoS) botnet, is a potent malware threat that has been compromising more than 300 targets daily in its latest wave of attacks. The malware infects systems through suspicious downloads, emails, or websites and can disrupt operations, stea...

Rapperbot (Unspecified; 3): The Rapperbot Malware is associated with Mirai. RapperBot is a malicious software (malware) identified as a Distributed Denial of Service (DDoS) botnet first encountered by Fortinet in mid-June 2022. This malware, which brute-forces its way into Internet of Things (IoT) devices, primarily targeted Linux SSH servers. RapperBot is unique in that wh...

Jenx Mirai (Unspecified; 3): The Jenx Mirai Malware is associated with Mirai. JenX Mirai is a variant of malware, malicious software designed to exploit and damage computer systems. This particular variant was discovered in January 2018 and has been used primarily by the InfectedSlurs botnet, an unidentified group that uses offensive language in its command-and-control (C2) d...

Infectedslurs (is related to; 2): The Infectedslurs Malware is associated with Mirai. InfectedSlurs is a newly discovered malware that operates as a Mirai-based botnet. This malicious software is designed to exploit and damage computer systems and devices, often infiltrating the system through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can...

Gafgyt Variant (Unspecified; 2): The Gafgyt Variant Malware is associated with Mirai. The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,...

gh0st RAT (Unspecified; 2): The gh0st RAT Malware is associated with Mirai. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo...

Emotet (Unspecified; 2): The Emotet Malware is associated with Mirai. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations,...

Cayosin (Unspecified; 2): The Cayosin Malware is associated with Mirai. Cayosin is a type of malware, a harmful software designed to exploit and damage computer systems or devices. It has been deployed by the Diicot cybercrime group in a new campaign, according to research from Cado Labs. Traditionally associated with cryptojacking campaigns, Diicot has shifted tactics,...

WannaCry (Unspecified; 2): The WannaCry Malware is associated with Mirai. WannaCry is a type of malware, specifically ransomware, that made headlines in 2017 as one of the most devastating cyberattacks in recent history. The WannaCry ransomware exploited vulnerabilities in Windows' Server Message Block protocol (SMBv1), specifically CVE-2017-0144, CVE-2017-0145, and CVE-2...

Omg (is related to; 2): The Omg Malware is associated with Mirai. OMG is a variant of the Mirai malware, designed to exploit Internet of Things (IoT) devices by turning them into proxy servers for cryptomining. This malicious software operates covertly, typically entering systems through suspicious downloads, emails, or websites, and once inside, it can disrupt op...

Hailbot (is related to; 2): The Hailbot Malware is associated with Mirai. HailBot is a malicious software variant that emerged in September 2023, based on the Mirai source code. This malware was identified and analyzed by cybersecurity firm NSFOCUS and content delivery network Akamai. It is known to propagate through exploitation of vulnerabilities and weak passwords, wit...

Kiraibot (is related to; 2): The Kiraibot Malware is associated with Mirai. KiraiBot is a recent and active malware, identified as part of the Mirai botnet variant family in September 2023 by NSFOCUS's global threat hunting system. It is one of several new botnet variants developed based on the Mirai source code, alongside hailBot and catDDoS. However, kiraiBot is unique in...

Satori Botnet (is related to; 2): The malware Satori Botnet is associated with Mirai.

Hailbot Mirai (Unspecified; 2): The Hailbot Mirai Malware is associated with Mirai. Hailbot Mirai is a variant of malware that has been identified by researchers as an evolution of the malicious software known as Mirai. This new strain, developed from the Mirai source code, presents a significant threat to computer systems and devices. Like its predecessor, Hailbot Mirai can infilt...
Associated Threat Actors
Alias (association type; votes): Description

Medusa (Unspecified; 2): The Medusa Threat Actor is associated with Mirai. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou...

Diicot (Unspecified; 2): The Diicot Threat Actor is associated with Mirai. The Diicot Threat Group, an emerging threat actor with sophisticated technical knowledge, has been identified as a significant cybersecurity concern. They have recently targeted SSH servers with brute-force malware, using a relatively limited username/password list consisting of default and easily-g...

Reaper (Unspecified; 2): The Reaper Threat Actor is associated with Mirai. Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun...
Associated Vulnerabilities
Alias (association type; votes): Description

CVE-2023-1389 (Unspecified; 6): The CVE-2023-1389 Vulnerability is associated with Mirai. CVE-2023-1389 is a command injection vulnerability discovered in TP-Link Archer AX21 routers. This flaw in software design or implementation was publicly released in March of the year 2023 and has since been exploited by various malicious actors. Attack traffic through the vulnerable routers has bee...

CVE-2024-7029 (Unspecified; 2): The vulnerability CVE-2024-7029 is associated with Mirai.

CVE-2021-36260 (Unspecified; 2): The CVE-2021-36260 Vulnerability is associated with Mirai. CVE-2021-36260 is a critical command injection flaw found in the webserver of various Hikvision products. This vulnerability, a defect in software design or implementation, allows unauthorized users to execute arbitrary commands on the system, potentially leading to unauthorized access, data theft,...

CVE-2023-26801 (Unspecified; 2): The vulnerability CVE-2023-26801 is associated with Mirai.

CVE-2023-28771 (Unspecified; 2): The CVE-2023-28771 Vulnerability is associated with Mirai. CVE-2023-28771 is a software vulnerability, specifically a command injection flaw, in Zyxel ZyWALL firewalls. The vulnerability was detected by FortiGuard Labs in June 2023 when it was being exploited by several Distributed Denial of Service (DDoS) botnets. It's worth noting that this vulnerability...

CVE-2022-29303 (Unspecified; 2): The vulnerability CVE-2022-29303 is associated with Mirai.

CVE-2023-23295 (Unspecified; 2): The vulnerability CVE-2023-23295 is associated with Mirai.

Elf/mirai (Unspecified; 2): The vulnerability Elf/mirai is associated with Mirai.
Source Document References
Information about the Mirai Malware was read from the documents corpus below. This display is limited to 20 results.
Source (created at)

DARKReading (5 hours ago)
Krebs on Security (16 days ago)
DARKReading (a month ago)
BankInfoSecurity (a month ago)
Securityaffairs (2 months ago)
BankInfoSecurity (2 months ago)
InfoSecurity-magazine (2 months ago)
Contagio (2 months ago)
Securityaffairs (2 months ago)
InfoSecurity-magazine (3 months ago)
Securityaffairs (3 months ago)
DARKReading (3 months ago)
Securityaffairs (4 months ago)
Securityaffairs (4 months ago)
SANS ISC (4 months ago)
Checkpoint (4 months ago)
Securityaffairs (5 months ago)
Fortinet (5 months ago)
Securityaffairs (5 months ago)
Securityaffairs (6 months ago)