Mirai Botnet

Malware updated a month ago (2024-11-29T14:04:38.246Z)

Download STIX

Preview STIX

The Mirai botnet, a type of malware, is known for its ability to exploit vulnerabilities in various devices and systems. Mirai operates by infecting systems without the user's knowledge, often through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage. This malicious software has been particularly disruptive due to its adaptability and range of targets. Since March 2023, there have been reports of a variant of the Mirai botnet spreading by targeting flaws in D-Link, Zyxel, and Netgear devices, including CVE-2023-25280. Additionally, an instance of the Corona Mirai botnet has been observed spreading via AVTECH CCTV zero-day and multiple previously known vulnerabilities. Recently, evidence suggests that attackers are experimenting with new vulnerabilities, possibly integrating them into variants of the Mirai botnet. Moreover, the Mirai botnet has also been found to spread through the exploitation of Ivanti Connect Secure bugs. Despite these activities, detections of the Mirai botnet family dropped by 9% QoQ in Hong Kong in Q1 2022. However, the overall threat posed by the Mirai botnet remains significant as it continues to evolve and find new avenues for infection and disruption.

Description last updated: 2024-10-01T19:16:01.950Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Gafgyt is a possible alias for Mirai Botnet. Gafgyt, also known as Bashlite, is a type of malware that targets Linux architecture operating systems with the primary intent to launch distributed denial of service (DDoS) attacks. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, and upon entry,	3
Moobot is a possible alias for Mirai Botnet. Moobot is a malicious software (malware) that is based on the Mirai platform. This malware was designed to infiltrate devices and systems, often through suspicious downloads, emails, or websites without user knowledge. Once inside a system, Moobot facilitated targeted attacks against various entitie	2
Gafgyt Variant is a possible alias for Mirai Botnet. The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Botnet

Malware

Vulnerability

Linux

Exploit

Ddos

Zero Day

Akamai

Minecraft

DNS

Ransomware

Android

Source

Fortiguard

t1583.005

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Mirai Malware is associated with Mirai Botnet. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar	Unspecified	13

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-1389 Vulnerability is associated with Mirai Botnet. CVE-2023-1389 is a command injection vulnerability discovered in TP-Link Archer AX21 routers. This flaw in software design or implementation was publicly released in March of the year 2023 and has since been exploited by various malicious actors. Attack traffic through the vulnerable routers has bee	Unspecified	6

Source Document References

Information about the Mirai Botnet Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	5 days ago	Mirai botnet targets SSR devices, Juniper Networks warns
Securityaffairs	3 months ago	U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
Securityaffairs	4 months ago	Corona Mirai botnet spreads via AVTECH CCTV zero-day
Securityaffairs	4 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
InfoSecurity-magazine	5 months ago	Critical Vulnerability in Apache OFBiz Requires Immediate Patching
Securityaffairs	5 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	6 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	6 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	6 months ago	Cyber Attackers Turn to Cloud Services to Deploy Malware
Securityaffairs	6 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs
CERT-EU	a year ago	Where Linux is in your home, and how to protect Linux devices from hacking
CERT-EU	a year ago	Are your smart lightbulbs spying on you? - Panda Security
CERT-EU	2 years ago	SYN Flood Explained. How to Prevent this Attack from Taking over your Server