Mirai Botnet

Malware Profile Updated 4 days ago
The Mirai botnet is malware that threat actors have used to exploit vulnerabilities in internet-connected devices, building a network of compromised systems that is then used to launch large-scale Distributed Denial of Service (DDoS) attacks. The botnet gained notoriety when it was used in some of the most damaging DDoS attacks in history, compromising over 600,000 Internet of Things (IoT) devices and targeting high-profile entities such as KrebsOnSecurity, Lonestar Cell, and the DNS provider Dyn. Using techniques such as SYN flooding, Mirai can disrupt operations on a massive scale; because of the botnet's sheer size, the attackers are often unconcerned with hiding the IP addresses of the compromised devices.

In recent years the botnet has continued to evolve, exploiting a variety of vulnerabilities to extend its reach. Since March 2023, Unit 42 researchers have observed it leveraging several IoT vulnerabilities, including the TP-Link WAN-side vulnerability CVE-2023-1389. Threat actors have also exploited the recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to deploy Mirai. This persistent exploitation of newly disclosed vulnerabilities underscores the evolving threat that Mirai poses. There have nonetheless been some positive trends: for instance, detections of the Mirai family dropped by 9% quarter-on-quarter in Hong Kong in Q1 2022. Still, the ongoing discovery of Mirai being delivered through new exploits highlights the importance of continued vigilance and proactive security measures against this persistent threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description
Gafgyt (3 votes): Gafgyt, also known as Bashlite, is a form of malware that infects Linux architecture operating systems to launch Distributed Denial of Service (DDoS) attacks. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrup
Moobot (2 votes): Moobot is a malicious software (malware) that has been active since at least 2016. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or even hold data for ransom once inside. The Moobot botnet includes other routers and virtu
Gafgyt Variant (2 votes): The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Malware
Vulnerability
Linux
Ddos
Exploit
Zero Day
Akamai
Minecraft
Ransomware
Android
Fortiguard
t1583.005
Associated Malware
ID, type (votes): Profile description
Mirai, Unspecified (13 votes): Mirai is a notorious malware that targets Internet of Things (IoT) devices to form a botnet, which can then be used to launch distributed denial-of-service (DDoS) attacks. In early 2022, Mirai botnets accounted for over 7 million detections, highlighting the widespread nature of this threat. However
Associated Threat Actors
ID, type (votes): Profile description
No associations to display
Associated Vulnerabilities
ID, type (votes): Profile description
CVE-2023-1389, Unspecified (6 votes): CVE-2023-1389 is a significant software vulnerability identified in March of this year, involving a flaw in the design or implementation of certain routers. This vulnerability specifically affects TP-Link Archer AX21 (AX1800) routers and allows for command injection, enabling unauthorized users to g
Source Document References
Information about the Mirai Botnet malware was read from the documents corpus below. This display is limited to 20 results.
Source (created at): Title
CERT-EU (9 months ago): Mirai Botnet Variant ‘Pandora’ Hijacks Android TVs | IT Security News
SANS ISC (7 months ago): Routers Targeted for Gafgyt Botnet [Guest Diary] - SANS Internet Storm Center
CERT-EU (a year ago): Think twice before buying TP-Link Archer AX21 Wi-Fi router. It can be hacked easily
CERT-EU (5 months ago): Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago): History of Computer Hacking and Cybersecurity Threats: From the 50s to Today | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU (6 months ago): Denmark Encounters Largest Cyber Attack on Its Critical Infrastructure to Date
CERT-EU (a year ago): Critical security vulnerabilities expose SolarView monitoring system on the open Internet
CERT-EU (9 months ago): STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road
DARKReading (a year ago): Botnets Send Exploits Within Days to Weeks After Published PoC
CERT-EU (9 months ago): Reply URL Flaw Allowed Unauthorized MS Power Platform API Access
CERT-EU (10 months ago): Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks
InfoSecurity-magazine (6 months ago): InfectedSlurs Botnet Resurrects Mirai With Zero-Days
CERT-EU (a year ago): April 2023’s Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return - Check Point Blog
Malwarebytes (a year ago): Port scan attacks: Protecting your business from RDP attacks and Mirai botnets
InfoSecurity-magazine (2 months ago): Infostealers Prevalent in Retail Sector Cybercrime Trends
CERT-EU (8 months ago): Mirai reloads exploit arsenal before latest expansion drive
CERT-EU (6 months ago): New botnet malware exploits two zero-days to infect NVRs and routers
BankInfoSecurity (a year ago): Hackers Exploit TP-Link N-Day Flaw to Build Mirai Botnet
BankInfoSecurity (7 months ago): Consumer IoT Security Labels: Transparency Push Intensifies
CERT-EU (8 months ago): Where Linux is in your home, and how to protect Linux devices from hacking