Mirai

Malware updated 15 days ago (2024-11-29T14:35:46.179Z)
Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet that is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quarter-on-quarter decrease in detections in Hong Kong. The malware typically infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can disrupt operations and steal personal information. Its code has been used and modified by various threat actors, including hacktivist groups like Anonymous Russia, MIRAI, Venom, and Killnet.

The Mirai malware has been continually adapted and reused in different forms, with its source code often found on platforms like GitHub. One notable instance was in November 2023, when an individual known as Matrix began a hacking spree using a GitHub account filled with publicly available malware tools, including the leaked Mirai code. Additionally, the source code of "Shi-Bot," a custom Linux DDoS botnet based on Mirai, was sold by Kiberphant0m on BreachForums. These instances highlight the continued relevance and danger of the Mirai malware in the cyber security landscape.

More recently, a new variant of Mirai called GorillaBot has emerged, launching 300,000 attacks affecting around 20,000 organizations worldwide between September 4 and September 27. GorillaBot, while based on Mirai's code, includes more DDoS attack methods, 19 in all. This highlights the ongoing evolution of Mirai, as hackers continue to modify and adapt its source code to create increasingly potent variants. Despite efforts to curb its proliferation, Mirai remains a significant cybersecurity threat, particularly for IoT networks.
Description last updated: 2024-11-28T11:47:16.877Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles you may also want to look at.
Alias | Description | Votes
Iz1h9 | Iz1h9 is a possible alias for Mirai. IZ1H9 is a variant of the Mirai botnet, discovered in August 2018 and recognized as one of the most active Mirai variants. This malware targets Internet-of-Things (IoT) networks, exploiting flaws in various products to infect systems. The malware has been involved in multiple campaigns since its dis... | 3
Nosedive | Nosedive is a possible alias for Mirai. Nosedive is a potent malware, a type of malicious software designed to exploit and damage computer systems without the user's knowledge. It is a custom variant of the Mirai malware, primarily targeting devices with known vulnerabilities. Nosedive has been specifically engineered to infiltrate variou... | 2
Gorillabot | Gorillabot is a possible alias for Mirai. GorillaBot, a new variant of the infamous Mirai malware family, has caused significant disruptions with a sharp surge in Distributed Denial-of-Service (DDoS) attacks over the past month. From September 4 to September 27, the malicious software launched approximately 300,000 attacks impacting around... | 2
Satori | Satori is a possible alias for Mirai. Satori is a variant of the Mirai "Internet of Things" botnet malware, created by an individual known as IntelSecrets. This person modified the source code of Mirai to produce Satori, which was then supplied to others for illicit activities. The operators who used Satori were eventually apprehended a... | 2
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:
Botnet, Malware, Ddos, Linux, Exploit, Vulnerability, Exploits, SSH, Ddos Botnet, Bot, Payload, Trojan, Fortiguard, exploitation, Zero Day, Ransomware, Akamai, Encryption, exploited, Cybercrime, Cryptominer, Discord, Source, flaw, Github, Minecraft, Implant, Denial of Se..., Fortinet, Credentials, DNS, RCE (Remote ..., Phishing, Backdoor, Zyxel, Ics, Encrypt, Apache, Reddit, t1583.005, Downloader, JavaScript, Tp, Worm, Curl
Associated Malware
Alias | Description | Association type | Votes
Mirai Botnet | The Mirai Botnet Malware is associated with Mirai. The Mirai botnet, a type of malware, is known for its ability to exploit vulnerabilities in various devices and systems. Mirai operates by infecting systems without the user's knowledge, often through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt... | Unspecified | 13
Gafgyt | The Gafgyt Malware is associated with Mirai. Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry,... | is related to | 8
Moobot | The Moobot Malware is associated with Mirai. Moobot is a malicious software (malware) that is based on the Mirai platform. This malware was designed to infiltrate devices and systems, often through suspicious downloads, emails, or websites without user knowledge. Once inside a system, Moobot facilitated targeted attacks against various entitie... | is related to | 6
Condi | The Condi Malware is associated with Mirai. The Condi botnet, a form of malware, has been identified as a significant threat to unpatched TP-Link devices. The malware is recognized by the string "condi" and upon execution, sends numerous DNS queries to "trcpay[.]xyz." The botnet first attempts to resolve the Command and Control (C2) server ad... | is related to | 5
Mozi | The Mozi Malware is associated with Mirai. Mozi, a malicious software (malware), has been a significant force in the cyber threat landscape. This malware, known for exploiting outdated and vulnerable Internet of Things (IoT) devices, was responsible for 74% of all IoT attacks in 2021. The Mozi botnet, infamous for hijacking hundreds of thous... | Unspecified | 5
Catddos | The Catddos Malware is associated with Mirai. CatDDoS, a variant of the Mirai distributed denial-of-service (DDoS) botnet, is a potent malware threat that has been compromising more than 300 targets daily in its latest wave of attacks. The malware infects systems through suspicious downloads, emails, or websites and can disrupt operations, stea... | is related to | 3
Jenx | The Jenx Malware is associated with Mirai. JenX is a variant of the infamous Mirai malware, first discovered in January 2018. It was primarily used by the group responsible for the InfectedSlurs botnet, which remains unidentified. This malware strain is known for exploiting hosting services running multiplayer versions of Grand Theft Auto to... | is related to | 3
Kinsing | The Kinsing Malware is associated with Mirai. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa... | Unspecified | 3
Miori | The Miori Malware is associated with Mirai. Miori is a variant of the notorious Mirai malware, which shares similar modules with it. Like other types of malware, Miori is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once it has infected a system, it can steal perso... | is related to | 3
Rapperbot | The Rapperbot Malware is associated with Mirai. RapperBot is a malicious software (malware) identified as a Distributed Denial of Service (DDoS) botnet first encountered by Fortinet in mid-June 2022. This malware, which brute-forces its way into Internet of Things (IoT) devices, primarily targeted Linux SSH servers. RapperBot is unique in that wh... | Unspecified | 3
Jenx Mirai | The Jenx Mirai Malware is associated with Mirai. JenX Mirai is a variant of malware, malicious software designed to exploit and damage computer systems. This particular variant was discovered in January 2018 and has been used primarily by the InfectedSlurs botnet, an unidentified group that uses offensive language in its command-and-control (C2) d... | Unspecified | 3
Gafgyt Variant | The Gafgyt Variant Malware is associated with Mirai. The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,... | Unspecified | 2
gh0st RAT | The gh0st RAT Malware is associated with Mirai. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo... | Unspecified | 2
Emotet | The Emotet Malware is associated with Mirai. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations,... | Unspecified | 2
Cayosin | The Cayosin Malware is associated with Mirai. Cayosin is a type of malware, a harmful software designed to exploit and damage computer systems or devices. It has been deployed by the Diicot cybercrime group in a new campaign, according to research from Cado Labs. Traditionally associated with cryptojacking campaigns, Diicot has shifted tactics,... | Unspecified | 2
WannaCry | The WannaCry Malware is associated with Mirai. WannaCry is a notorious malware that gained global attention in 2017 when it was responsible for the biggest ransomware attack to date. The malware, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites. Once inside a system, WannaCry can... | Unspecified | 2
Omg | The Omg Malware is associated with Mirai. OMG is a variant of the Mirai malware, designed to exploit Internet of Things (IoT) devices by turning them into proxy servers for cryptomining. This malicious software operates covertly, typically entering systems through suspicious downloads, emails, or websites, and once inside, it can disrupt op... | is related to | 2
Hailbot | The Hailbot Malware is associated with Mirai. HailBot is a malicious software variant that emerged in September 2023, based on the Mirai source code. This malware was identified and analyzed by cybersecurity firm NSFOCUS and content delivery network Akamai. It is known to propagate through exploitation of vulnerabilities and weak passwords, wit... | is related to | 2
Kiraibot | The Kiraibot Malware is associated with Mirai. KiraiBot is a recent and active malware, identified as part of the Mirai botnet variant family in September 2023 by NSFOCUS's global threat hunting system. It is one of several new botnet variants developed based on the Mirai source code, alongside hailBot and catDDoS. However, kiraiBot is unique in... | is related to | 2
Satori Botnet | The malware Satori Botnet is associated with Mirai. | is related to | 2
Hailbot Mirai | The Hailbot Mirai Malware is associated with Mirai. Hailbot Mirai is a variant of malware that has been identified by researchers as an evolution of the malicious software known as Mirai. This new strain, developed from the Mirai source code, presents a significant threat to computer systems and devices. Like its predecessor, Hailbot Mirai can infilt... | Unspecified | 2
Infectedslurs | The Infectedslurs Malware is associated with Mirai. InfectedSlurs is a newly discovered malware that operates as a Mirai-based botnet. This malicious software is designed to exploit and damage computer systems and devices, often infiltrating the system through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can... | is related to | 2
Associated Threat Actors
Alias | Description | Association type | Votes
Medusa | The Medusa Threat Actor is associated with Mirai. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou... | Unspecified | 2
Diicot | The Diicot Threat Actor is associated with Mirai. The Diicot Threat Group, an emerging threat actor with sophisticated technical knowledge, has been identified as a significant cybersecurity concern. They have recently targeted SSH servers with brute-force malware, using a relatively limited username/password list consisting of default and easily-g... | Unspecified | 2
Reaper | The Reaper Threat Actor is associated with Mirai. Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun... | Unspecified | 2
Associated Vulnerabilities
Alias | Description | Association type | Votes
CVE-2023-1389 | The CVE-2023-1389 Vulnerability is associated with Mirai. CVE-2023-1389 is a command injection vulnerability discovered in TP-Link Archer AX21 routers. This flaw in software design or implementation was publicly released in March of the year 2023 and has since been exploited by various malicious actors. Attack traffic through the vulnerable routers has bee... | Unspecified | 6
CVE-2024-7029 | The vulnerability CVE-2024-7029 is associated with Mirai. | Unspecified | 2
CVE-2021-36260 | The CVE-2021-36260 Vulnerability is associated with Mirai. CVE-2021-36260 is a critical command injection flaw found in the webserver of various Hikvision products. This vulnerability, a defect in software design or implementation, allows unauthorized users to execute arbitrary commands on the system, potentially leading to unauthorized access, data theft,... | Unspecified | 2
CVE-2023-26801 | The vulnerability CVE-2023-26801 is associated with Mirai. | Unspecified | 2
CVE-2023-28771 | The CVE-2023-28771 Vulnerability is associated with Mirai. CVE-2023-28771 is a software vulnerability, specifically a command injection flaw, in Zyxel ZyWALL firewalls. The vulnerability was detected by FortiGuard Labs in June 2023 when it was being exploited by several Distributed Denial of Service (DDoS) botnets. It's worth noting that this vulnerability... | Unspecified | 2
CVE-2022-29303 | The vulnerability CVE-2022-29303 is associated with Mirai. | Unspecified | 2
CVE-2023-23295 | The vulnerability CVE-2023-23295 is associated with Mirai. | Unspecified | 2
Elf/mirai | The vulnerability Elf/mirai is associated with Mirai. | Unspecified | 2
Source Document References
Information about the Mirai Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
InfoSecurity-magazine | 16 days ago
DARKReading | 16 days ago
BankInfoSecurity | 16 days ago
Krebs on Security | 16 days ago
DARKReading | 23 days ago
Krebs on Security | a month ago
DARKReading | 2 months ago
BankInfoSecurity | 2 months ago
Securityaffairs | 2 months ago
BankInfoSecurity | 3 months ago
InfoSecurity-magazine | 3 months ago
Contagio | 3 months ago
Securityaffairs | 3 months ago
InfoSecurity-magazine | 3 months ago
Securityaffairs | 3 months ago
DARKReading | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
SANS ISC | 4 months ago
Checkpoint | 5 months ago