Mirai Botnet

Malware updated 9 days ago (2024-08-29T16:18:02.737Z)
The Mirai botnet is a type of malware, specifically designed to exploit and damage computer systems. It infiltrates these systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom.

Notably, the Mirai botnet has been known to spread through the exploitation of various software vulnerabilities. One such vulnerability that the Mirai botnet has exploited is found in Ivanti Connect Secure, a widely used secure access solution. This has been reported multiple times as a significant threat vector for the propagation of this malicious software. Additionally, an instance of the Corona Mirai botnet was observed spreading via AVTECH CCTV zero-day and multiple previously known vulnerabilities, further demonstrating its ability to adapt and exploit different weaknesses in systems.

Interestingly, despite its continued threat, the detection of the Mirai botnet family dropped by 9% QoQ in Hong Kong in Q1 2022. However, there is evidence suggesting that attackers are experimenting with new vulnerabilities, possibly integrating them into variants of the Mirai botnet. This suggests that while detections may have decreased, the threat posed by the Mirai botnet remains significant and continues to evolve.
Description last updated: 2024-08-29T16:16:26.666Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Gafgyt | 3 | Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry,
Moobot | 2 | Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat
Gafgyt Variant | 2 | The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Malware
Vulnerability
Linux
Exploit
DDoS
Zero Day
Akamai
Minecraft
DNS
Ransomware
Android
Source
Fortiguard
T1583.005
Associated Malware
ID | Type | Votes | Profile Description
Mirai | Unspecified | 13 | Mirai is a type of malware that specifically targets Internet of Things (IoT) devices such as smart speakers, cameras, and connected home equipment. It exploits weak Telnet (port 23) and SSH (port 22) credentials to gain control over these devices. Once infected, these devices are then incorporated
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-1389 | Unspecified | 6 | CVE-2023-1389 is a significant software vulnerability, specifically a command injection flaw, found in TP-Link Archer AX21 routers. The flaw was publicly released in March of this year and has since been exploited by malicious actors to gain unauthorized access to devices. Attack traffic through the
Source Document References
Information about the Mirai Botnet Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link | Created At | Title
Securityaffairs | 9 days ago | Corona Mirai botnet spreads via AVTECH CCTV zero-day
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
InfoSecurity-magazine | a month ago | Critical Vulnerability in Apache OFBiz Requires Immediate Patching
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine | 2 months ago | Cyber Attackers Turn to Cloud Services to Deploy Malware
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
CERT-EU | a year ago | Where Linux is in your home, and how to protect Linux devices from hacking
CERT-EU | a year ago | Are your smart lightbulbs spying on you? - Panda Security
CERT-EU | 2 years ago | SYN Flood Explained. How to Prevent this Attack from Taking over your Server
CERT-EU | a year ago | Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
CERT-EU | a year ago | AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability