Red Securium Company Provide Web Services | Web Development | Software Development | Digital Marketing Service | Video Marketing Service | Video Logo Service & SEO Service.
www.redsecurium.org Contact Us - +91 120 429 1672
Mirai malware has strong records of infecting poorly managing IoT devices and performing DDOS attacks on various platforms.
In order to run the malware on cross-platform, it must be able to run on different architectures without any runtime surprises or misconfiguration
The Mirai botnet was used in some of the largest and most disruptive distributed denial of service (DDoS) attacks. Paras Jha, 21, Josiah White, 20, Dalton Norman, 21, are the Mirai Botnet Creators who pleaded guilty in District Court of Alaska for Computer fraud and abuse act.
Similarly Miori taking advantage of Internet connected device and compromise it by exploiting various vulnerabilities and also it constantly evolving to target the smart devices.
Miori now spreading via Remote code execution vulnerability in the PHP framework called ThinkPHP and the exploit for this vulnerability is completely new that affected ThinkPHP versions prior to 5.0.23 and 5.1.31.
Also researcher conforms that the infection rate is keep increasing related to ThinkPHP RCE around smart devices.
Apart from this, several Mirai malware various are being distributed by exploiting the same ThinkPHP RCE vulnerability.
Infection distributed via other connected device by reset the default credentials via telnet also researcher learned that it affected one of the linux machine to perfromDDOS attack.
Researchers explains that Miori is just a branch of plant and the cyber criminals used Thinkpad RCE to make vulnerable machines.
Later they download the malware variant from the command and control server hxxp://144[.]202[.]49[.]126/php.
RCE downloads and executes Miori malware
After the malware execution process, it will generate a console that starts the Telnet to brute force other IP addresses.
In order to receive the command from C&Cserver it also listens on port 42352 (TCP/UDP) .
According to Trendmicro, We were able to decrypt Miori malware’s configuration table embedded in its binary and found the following notable strings. We also listed the usernames and passwords used by the malware, some of which are default and easy-to-guess.
/bin/busybox kill -9 /bin/busybox MIORI (infection verification) /bin/busybox ps (kills parameters) /dev/FTWDT101\ watchdog /dev/FTWDT101_watchdog /dev/misc/watchdog /dev/watchdog /dev/watchdog0 /etc/default/watchdog /exe /maps /proc/ /proc/net/route /proc/net/tcp /sbin/watchdog /status account enable enter incorrect login lolistresser[.]com (C&C server) MIORI: applet not found (infection verification) password shell system TSource Engine Query username your device just got infected to a bootnoot
Related Miori credentials and strings
Close look revealed that two URLs used by two other variants of Mirai: IZ1H9 and APEP. and both are using same string deobfuscation technique as Mirai and Miori.
“It should be noted that aside from brute-force via Telnet, APEP also spreads by taking advantage of CVE-2017-17215, which involves another RCE vulnerability and affects Huawei HG532 router devices, for its attacks.”Trend Micro said.
Phishing Campaigns Targeting Google and Yahoo Accounts To Bypassing Two-Factor Authentication Several phishing campaigns targeting hundreds of individuals across the Middle East and North Africa. The attacker targers HRDs, journalists, political actors. Amnesty International published a report on multiple campaigns that traget self-described “secure email” services, such as Tutanota and ProtonMail and another campaign that aimed in bypassing two-factor authentication. Crafted Phishing Sites – Secure Email Providers The phishing campaign primarily targeted popular secure email service providers such as Tutanota and ProtonMail. Threat actors used a well-crafted phishing page – by obtaining the domain tutanota[.]org, whereas the original domain of the service provider is tutanota[.]com. A phishing attack is one of the dangerous social engineering attacks that leads to capture a victim’s username and password that will get store it to an attacker machine and reuse it l...
Red Securium Company Provide Software Development Service In Noida Combining technological competency with domain expertise, Red Securium offers full spectrum of custom software design, development and deployment services for enterprises and SMEs to achieve exceptional business results. Leveraging on its cross-functional width of expertise in application software development , Red Securium has developed the capabilities to build and run resilient applications at scale that seamlessly infuse your innovative ideas. Whether you are in need of the rapid development of a crucial business application or require the deployment and support for an entire suite of applications, we offer full software lifecycle coverage services. We adopt best practices and put highest levels of expertise to drive your technological assets deliver you business excellence and improved ROI. Custom Software Development Services in Noida Enterpri...
Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a CTF like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run netdiscover to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical nmap scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open FTP port and we can connect to it with anonymous access . Also there is an open http port, we will run a nikto scan for it. The ssh port will be valuable later. From the nikto scan we got an interesting /secret/ folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect ...
Comments
Post a Comment