Red Securium Company Provide Web Services | Web Development | Software Development | Digital Marketing Service | Video Marketing Service | Video Logo Service & SEO Service.
www.redsecurium.org Contact Us - +91 120 429 1672
Mirai malware has strong records of infecting poorly managing IoT devices and performing DDOS attacks on various platforms.
In order to run the malware on cross-platform, it must be able to run on different architectures without any runtime surprises or misconfiguration
The Mirai botnet was used in some of the largest and most disruptive distributed denial of service (DDoS) attacks. Paras Jha, 21, Josiah White, 20, Dalton Norman, 21, are the Mirai Botnet Creators who pleaded guilty in District Court of Alaska for Computer fraud and abuse act.
Similarly Miori taking advantage of Internet connected device and compromise it by exploiting various vulnerabilities and also it constantly evolving to target the smart devices.
Miori now spreading via Remote code execution vulnerability in the PHP framework called ThinkPHP and the exploit for this vulnerability is completely new that affected ThinkPHP versions prior to 5.0.23 and 5.1.31.
Also researcher conforms that the infection rate is keep increasing related to ThinkPHP RCE around smart devices.
Apart from this, several Mirai malware various are being distributed by exploiting the same ThinkPHP RCE vulnerability.
Infection distributed via other connected device by reset the default credentials via telnet also researcher learned that it affected one of the linux machine to perfromDDOS attack.
Researchers explains that Miori is just a branch of plant and the cyber criminals used Thinkpad RCE to make vulnerable machines.
Later they download the malware variant from the command and control server hxxp://144[.]202[.]49[.]126/php.
RCE downloads and executes Miori malware
After the malware execution process, it will generate a console that starts the Telnet to brute force other IP addresses.
In order to receive the command from C&Cserver it also listens on port 42352 (TCP/UDP) .
According to Trendmicro, We were able to decrypt Miori malware’s configuration table embedded in its binary and found the following notable strings. We also listed the usernames and passwords used by the malware, some of which are default and easy-to-guess.
/bin/busybox kill -9 /bin/busybox MIORI (infection verification) /bin/busybox ps (kills parameters) /dev/FTWDT101\ watchdog /dev/FTWDT101_watchdog /dev/misc/watchdog /dev/watchdog /dev/watchdog0 /etc/default/watchdog /exe /maps /proc/ /proc/net/route /proc/net/tcp /sbin/watchdog /status account enable enter incorrect login lolistresser[.]com (C&C server) MIORI: applet not found (infection verification) password shell system TSource Engine Query username your device just got infected to a bootnoot
Related Miori credentials and strings
Close look revealed that two URLs used by two other variants of Mirai: IZ1H9 and APEP. and both are using same string deobfuscation technique as Mirai and Miori.
“It should be noted that aside from brute-force via Telnet, APEP also spreads by taking advantage of CVE-2017-17215, which involves another RCE vulnerability and affects Huawei HG532 router devices, for its attacks.”Trend Micro said.
Top 12 Information Security Analyst Interview Questions & Answers 1) Explain what is the role of information security analyst? From small to large companies role of information security analyst includes Implementing security measures to protect computer systems, data and networks Keep himself up-to-date with on the latest intelligence which includes hackers techniques as well Preventing data loss and service interruptions Testing of data processing system and performing risk assessments Installing various security software like firewalls, data encryption and other security measures Recommending security enhancements and purchases Planning, testing and implementing network disaster plans Staff training on information and network security procedures 2) Mention what is data leakage? What are the factors that can cause data leakage? The separation or departing of IP from its intended place of storage is known as data leakage. The factors that are respons...
Take a look at a modern, digital camera today, and you’ll probably find it uses an SD card in order to save information. These small, convenient little disks can carry a lot of information on them, and can easily transfer your information from camera to computer. Unfortunately, SD cards also come with a drawback. They are small, fragile, and easily damaged. Forget the SD card in your pocket until you discover it in the washer, or scratch it up taking it in and out of the camera, and you may end up being unable to access your data. Sometimes this is not a big deal, and you simply go and get another SD card. At other times, the loss of the priceless pictures or other information on that card is enough to leave you scrambling to look up SD card recovery on Google. If you looked, you might have a bit of sticker shock. SD card recovery can cost as much as $3,000 to get your lost data back, depending on how many GB of data were stored. Even cheap options can run you $400, f...
Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a CTF like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run netdiscover to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical nmap scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open FTP port and we can connect to it with anonymous access . Also there is an open http port, we will run a nikto scan for it. The ssh port will be valuable later. From the nikto scan we got an interesting /secret/ folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect ...
Comments
Post a Comment