The Mirai downloader module
Any Internet of Things (IoT) botnet author can add this botnet downloader to any new malware variant, which would scan for exposed devices for intrusion and payload delivery.
The botnet downloader was observed exploiting vulnerable BIG-IP boxes (versions earlier than 15.x) through a previously reported Remote Code Execution (RCE) vulnerability (CVE-2020-5902).
The downloader tries to exploit several other recently disclosed vulnerabilities in randomly generated targets, such as HP LinuxKI (CVE-2020-7209), Comtrend VR-3033 (CVE-2020-10173), and Aruba ClearPass Policy Manager (CVE-2020-7115), among others.
Similar to several other botnet variants, this downloader has several files with different extensions, hosted on a single domain, meant to attack different architectures.
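A defender-side check for the hosting pattern described above, added here as an example (it is not code from the original article): it flags any host in proxy logs that serves one file name under several architecture extensions. The log format, the extension list and the threshold are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed architecture suffixes often seen on multi-arch IoT payloads;
# this list is illustrative and does not come from the article.
ARCH_EXTS = {"arm", "arm5", "arm6", "arm7", "mips", "mpsl", "x86", "ppc", "sh4", "m68k", "spc"}

# Constructed proxy log lines in an assumed format: "<client_ip> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 GET http://payload.example/bins/fetch.arm7
10.0.0.5 GET http://payload.example/bins/fetch.mips
10.0.0.9 GET http://payload.example/bins/fetch.x86
10.0.0.9 GET http://updates.example/fw/router.bin
10.0.0.7 GET http://cdn.example/img/logo.png
malformed line without url
10.0.0.7 GET http://cdn.example/tool.x86
"""

LINE_RE = re.compile(r"^(\S+)\s+(GET|POST)\s+(https?://\S+)$")

def find_multi_arch_hosts(log_text, min_archs=3):
    """Return {host: {basename: sorted arch list}} for hosts that served one
    basename under at least `min_archs` distinct architecture extensions."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        url = urlsplit(m.group(3))
        filename = url.path.rsplit("/", 1)[-1]
        base, dot, ext = filename.rpartition(".")
        if dot and base and ext.lower() in ARCH_EXTS:
            seen[url.hostname][base].add(ext.lower())
    hits = {}
    for host, names in seen.items():
        flagged = {b: sorted(a) for b, a in names.items() if len(a) >= min_archs}
        if flagged:
            hits[host] = flagged
    return hits

if __name__ == "__main__":
    for host, names in find_multi_arch_hosts(SAMPLE_LOG).items():
        print(host, names)
```

A single architecture-suffixed download is common and benign on its own; the signal is the same base name fetched from one host under several such extensions.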
Recent Mirai campaigns
Mirai is one of the most disruptive and powerful malware families in the IoT threat landscape. The botnet developers have been frequently upgrading their arsenal to cause maximum damage.
Earlier this month, a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) was spotted exploiting nine vulnerabilities (most notably CVE-2020-10173) to target vulnerable routers, DVRs, IP cameras, and products from popular vendors.
Last month, new campaigns of the Hoaxcalls and Mirai botnets were observed targeting a post-a ..