Mirror of https://github.com/vuldb/cyber_threat_intelligence, synced 2024-07-09 11:51:35 +00:00
# Mirai - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mirai](https://vuldb.com/?actor.mirai). Note that Mirai is a malware family rather than a single operator: since its source code was leaked in 2016, many unrelated groups have run their own variants, so the indicators below aggregate activity from independent botnets. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.mirai](https://vuldb.com/?actor.mirai)
## Campaigns
The following _campaigns_ are known and can be associated with Mirai:
* CVE-2020-9054
* DDoS Ukraine
* Log4Shell
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:
* [VN](https://vuldb.com/?country.vn)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* ...
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) list network resources which are known to have been part of research and attack activities of Mirai. Several entries resolve to cloud, CDN or Tor exit hostnames (EC2, Google Cloud, Akamai, CloudFront, tor-exit); such addresses are shared or frequently reassigned, so treat them as hunting leads and review them before adding them to a block list.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.49.153.168](https://vuldb.com/?ip.1.49.153.168) | - | - | High
2 | [1.69.18.104](https://vuldb.com/?ip.1.69.18.104) | - | - | High
3 | [1.246.222.93](https://vuldb.com/?ip.1.246.222.93) | - | - | High
4 | [1.246.223.83](https://vuldb.com/?ip.1.246.223.83) | - | - | High
5 | [2.21.153.176](https://vuldb.com/?ip.2.21.153.176) | a2-21-153-176.deploy.static.akamaitechnologies.com | - | High
6 | [2.56.56.78](https://vuldb.com/?ip.2.56.56.78) | - | - | High
7 | [2.56.57.167](https://vuldb.com/?ip.2.56.57.167) | - | - | High
8 | [2.56.57.187](https://vuldb.com/?ip.2.56.57.187) | - | - | High
9 | [2.56.57.238](https://vuldb.com/?ip.2.56.57.238) | - | - | High
10 | [2.56.59.10](https://vuldb.com/?ip.2.56.59.10) | - | - | High
11 | [2.56.59.58](https://vuldb.com/?ip.2.56.59.58) | - | - | High
12 | [2.56.59.83](https://vuldb.com/?ip.2.56.59.83) | - | - | High
13 | [2.56.59.176](https://vuldb.com/?ip.2.56.59.176) | - | - | High
14 | [2.56.59.196](https://vuldb.com/?ip.2.56.59.196) | - | - | High
15 | [2.56.59.225](https://vuldb.com/?ip.2.56.59.225) | - | - | High
16 | [2.57.122.154](https://vuldb.com/?ip.2.57.122.154) | mail.vsb-ocommunitysde.club | - | High
17 | [2.58.149.17](https://vuldb.com/?ip.2.58.149.17) | - | - | High
18 | [2.58.149.116](https://vuldb.com/?ip.2.58.149.116) | - | - | High
19 | [2.58.149.186](https://vuldb.com/?ip.2.58.149.186) | - | - | High
20 | [2.239.84.105](https://vuldb.com/?ip.2.239.84.105) | 2-239-84-105.ip248.fastwebnet.it | - | High
21 | [3.69.60.58](https://vuldb.com/?ip.3.69.60.58) | ec2-3-69-60-58.eu-central-1.compute.amazonaws.com | - | Medium
22 | [3.120.230.46](https://vuldb.com/?ip.3.120.230.46) | ec2-3-120-230-46.eu-central-1.compute.amazonaws.com | - | Medium
23 | [5.2.69.50](https://vuldb.com/?ip.5.2.69.50) | - | - | High
24 | [5.2.75.132](https://vuldb.com/?ip.5.2.75.132) | - | - | High
25 | [5.2.99.2](https://vuldb.com/?ip.5.2.99.2) | - | - | High
26 | [5.50.38.202](https://vuldb.com/?ip.5.50.38.202) | - | - | High
27 | [5.61.50.236](https://vuldb.com/?ip.5.61.50.236) | mail.novonet.org | - | High
28 | [5.61.254.190](https://vuldb.com/?ip.5.61.254.190) | db2750.kvm37.ixlhosting.nl | - | High
29 | [5.181.80.103](https://vuldb.com/?ip.5.181.80.103) | ip-80-103-bullethost.net | - | High
30 | [5.182.210.145](https://vuldb.com/?ip.5.182.210.145) | - | - | High
31 | [5.182.211.5](https://vuldb.com/?ip.5.182.211.5) | - | - | High
32 | [5.188.76.60](https://vuldb.com/?ip.5.188.76.60) | - | - | High
33 | [5.198.50.105](https://vuldb.com/?ip.5.198.50.105) | 5-198-50-105.static.kc.net.uk | - | High
34 | [5.199.143.110](https://vuldb.com/?ip.5.199.143.110) | vps2307593.dedi.server-hosting.expert | - | High
35 | [8.136.145.23](https://vuldb.com/?ip.8.136.145.23) | - | - | High
36 | [12.203.33.13](https://vuldb.com/?ip.12.203.33.13) | - | - | High
37 | [13.70.188.178](https://vuldb.com/?ip.13.70.188.178) | - | - | High
38 | [14.42.109.60](https://vuldb.com/?ip.14.42.109.60) | - | - | High
39 | [14.198.46.139](https://vuldb.com/?ip.14.198.46.139) | 014198046139.ctinets.com | - | High
40 | [15.185.242.46](https://vuldb.com/?ip.15.185.242.46) | ec2-15-185-242-46.me-south-1.compute.amazonaws.com | - | Medium
41 | [15.204.7.101](https://vuldb.com/?ip.15.204.7.101) | ip101.ip-15-204-7.us | - | High
42 | [18.172.150.9](https://vuldb.com/?ip.18.172.150.9) | server-18-172-150-9.lhr50.r.cloudfront.net | - | High
43 | [18.180.123.100](https://vuldb.com/?ip.18.180.123.100) | ec2-18-180-123-100.ap-northeast-1.compute.amazonaws.com | - | Medium
44 | [18.184.201.19](https://vuldb.com/?ip.18.184.201.19) | ec2-18-184-201-19.eu-central-1.compute.amazonaws.com | - | Medium
45 | [18.210.126.40](https://vuldb.com/?ip.18.210.126.40) | ec2-18-210-126-40.compute-1.amazonaws.com | - | Medium
46 | [18.216.38.85](https://vuldb.com/?ip.18.216.38.85) | ec2-18-216-38-85.us-east-2.compute.amazonaws.com | - | Medium
47 | [18.253.232.0](https://vuldb.com/?ip.18.253.232.0) | ec2-18-253-232-0.us-gov-east-1.compute.amazonaws.com | - | Medium
48 | [20.205.9.191](https://vuldb.com/?ip.20.205.9.191) | - | - | High
49 | [23.34.155.162](https://vuldb.com/?ip.23.34.155.162) | a23-34-155-162.deploy.static.akamaitechnologies.com | - | High
50 | [23.46.171.21](https://vuldb.com/?ip.23.46.171.21) | a23-46-171-21.deploy.static.akamaitechnologies.com | - | High
51 | [23.48.162.198](https://vuldb.com/?ip.23.48.162.198) | a23-48-162-198.deploy.static.akamaitechnologies.com | - | High
52 | [23.48.162.208](https://vuldb.com/?ip.23.48.162.208) | a23-48-162-208.deploy.static.akamaitechnologies.com | - | High
53 | [23.64.145.21](https://vuldb.com/?ip.23.64.145.21) | a23-64-145-21.deploy.static.akamaitechnologies.com | - | High
54 | [23.72.35.209](https://vuldb.com/?ip.23.72.35.209) | a23-72-35-209.deploy.static.akamaitechnologies.com | - | High
55 | [23.94.28.76](https://vuldb.com/?ip.23.94.28.76) | 23-94-28-76-host.colocrossing.com | - | High
56 | [23.94.36.134](https://vuldb.com/?ip.23.94.36.134) | 23-94-36-134-host.colocrossing.com | - | High
57 | [23.94.50.159](https://vuldb.com/?ip.23.94.50.159) | 23-94-50-159-host.colocrossing.com | - | High
58 | [23.96.101.205](https://vuldb.com/?ip.23.96.101.205) | - | - | High
59 | [23.104.29.207](https://vuldb.com/?ip.23.104.29.207) | - | - | High
60 | [23.128.248.12](https://vuldb.com/?ip.23.128.248.12) | tor-exit03.stormycloud.org | - | High
61 | [23.128.248.24](https://vuldb.com/?ip.23.128.248.24) | tor-exit15.stormycloud.org | - | High
62 | [23.160.193.123](https://vuldb.com/?ip.23.160.193.123) | unknown.ip-xfer.net | - | High
63 | [23.195.45.48](https://vuldb.com/?ip.23.195.45.48) | a23-195-45-48.deploy.static.akamaitechnologies.com | - | High
64 | [23.197.224.108](https://vuldb.com/?ip.23.197.224.108) | a23-197-224-108.deploy.static.akamaitechnologies.com | - | High
65 | [23.204.208.68](https://vuldb.com/?ip.23.204.208.68) | a23-204-208-68.deploy.static.akamaitechnologies.com | - | High
66 | [23.209.148.46](https://vuldb.com/?ip.23.209.148.46) | a23-209-148-46.deploy.static.akamaitechnologies.com | - | High
67 | [23.211.7.69](https://vuldb.com/?ip.23.211.7.69) | a23-211-7-69.deploy.static.akamaitechnologies.com | - | High
68 | [23.224.144.100](https://vuldb.com/?ip.23.224.144.100) | - | - | High
69 | [23.224.162.151](https://vuldb.com/?ip.23.224.162.151) | - | - | High
70 | [23.227.146.106](https://vuldb.com/?ip.23.227.146.106) | - | - | High
71 | [23.234.200.42](https://vuldb.com/?ip.23.234.200.42) | - | - | High
72 | [23.254.247.214](https://vuldb.com/?ip.23.254.247.214) | hwsrv-840463.hostwindsdns.com | - | High
73 | [24.21.10.168](https://vuldb.com/?ip.24.21.10.168) | c-24-21-10-168.hsd1.or.comcast.net | - | High
74 | [24.123.252.154](https://vuldb.com/?ip.24.123.252.154) | rrcs-24-123-252-154.central.biz.rr.com | - | High
75 | [24.216.1.130](https://vuldb.com/?ip.24.216.1.130) | 024-216-001-130.biz.spectrum.com | - | High
76 | [27.37.239.164](https://vuldb.com/?ip.27.37.239.164) | - | - | High
77 | [27.45.36.193](https://vuldb.com/?ip.27.45.36.193) | - | - | High
78 | [27.50.57.147](https://vuldb.com/?ip.27.50.57.147) | - | - | High
79 | [27.54.123.94](https://vuldb.com/?ip.27.54.123.94) | - | - | High
80 | [27.105.131.171](https://vuldb.com/?ip.27.105.131.171) | 27-105-131-171-FIX-TXG.dynamic.so-net.net.tw | - | High
81 | [27.215.77.102](https://vuldb.com/?ip.27.215.77.102) | - | - | High
82 | [27.215.122.51](https://vuldb.com/?ip.27.215.122.51) | - | - | High
83 | [31.7.58.162](https://vuldb.com/?ip.31.7.58.162) | r | - | High
84 | [31.7.62.22](https://vuldb.com/?ip.31.7.62.22) | mail.mackage-outlet.com | - | High
85 | [31.44.185.235](https://vuldb.com/?ip.31.44.185.235) | - | - | High
86 | [31.210.20.111](https://vuldb.com/?ip.31.210.20.111) | - | - | High
87 | [31.220.43.69](https://vuldb.com/?ip.31.220.43.69) | - | - | High
88 | [34.80.131.135](https://vuldb.com/?ip.34.80.131.135) | 135.131.80.34.bc.googleusercontent.com | - | Medium
89 | [34.92.85.21](https://vuldb.com/?ip.34.92.85.21) | 21.85.92.34.bc.googleusercontent.com | - | Medium
90 | [34.92.139.186](https://vuldb.com/?ip.34.92.139.186) | 186.139.92.34.bc.googleusercontent.com | - | Medium
91 | [35.80.216.15](https://vuldb.com/?ip.35.80.216.15) | ec2-35-80-216-15.us-west-2.compute.amazonaws.com | - | Medium
92 | [35.85.181.9](https://vuldb.com/?ip.35.85.181.9) | ec2-35-85-181-9.us-west-2.compute.amazonaws.com | - | Medium
93 | [35.166.106.142](https://vuldb.com/?ip.35.166.106.142) | ec2-35-166-106-142.us-west-2.compute.amazonaws.com | - | Medium
94 | [35.225.213.190](https://vuldb.com/?ip.35.225.213.190) | 190.213.225.35.bc.googleusercontent.com | - | Medium
95 | [36.79.62.31](https://vuldb.com/?ip.36.79.62.31) | - | - | High
96 | [36.89.18.133](https://vuldb.com/?ip.36.89.18.133) | - | - | High
97 | [36.89.18.195](https://vuldb.com/?ip.36.89.18.195) | - | - | High
98 | [36.172.133.109](https://vuldb.com/?ip.36.172.133.109) | - | - | High
99 | [36.248.133.18](https://vuldb.com/?ip.36.248.133.18) | - | - | High
100 | [37.0.8.11](https://vuldb.com/?ip.37.0.8.11) | - | - | High
101 | [37.0.8.85](https://vuldb.com/?ip.37.0.8.85) | - | - | High
102 | [37.0.8.111](https://vuldb.com/?ip.37.0.8.111) | - | - | High
103 | [37.0.8.123](https://vuldb.com/?ip.37.0.8.123) | - | - | High
104 | [37.0.8.157](https://vuldb.com/?ip.37.0.8.157) | - | - | High
105 | [37.0.8.158](https://vuldb.com/?ip.37.0.8.158) | - | - | High
106 | [37.0.11.130](https://vuldb.com/?ip.37.0.11.130) | - | - | High
107 | [37.46.150.102](https://vuldb.com/?ip.37.46.150.102) | proverbially-on.needratio.com | - | High
108 | [37.49.230.128](https://vuldb.com/?ip.37.49.230.128) | - | - | High
109 | [37.69.79.255](https://vuldb.com/?ip.37.69.79.255) | 255.79.69.37.rev.sfr.net | - | High
110 | [37.139.11.231](https://vuldb.com/?ip.37.139.11.231) | - | - | High
111 | [37.187.8.200](https://vuldb.com/?ip.37.187.8.200) | ns3323400.ovh.net | - | High
112 | [37.187.18.212](https://vuldb.com/?ip.37.187.18.212) | ns3110317.ip-37-187-18.eu | - | High
113 | [37.187.87.141](https://vuldb.com/?ip.37.187.87.141) | vps-06678987.vps.ovh.net | - | High
114 | [37.187.143.65](https://vuldb.com/?ip.37.187.143.65) | ns414234.ip-37-187-143.eu | - | High
115 | [37.187.255.93](https://vuldb.com/?ip.37.187.255.93) | ns373958.ip-37-187-255.eu | - | High
116 | [37.252.96.62](https://vuldb.com/?ip.37.252.96.62) | foxman.net | - | High
117 | [38.7.64.166](https://vuldb.com/?ip.38.7.64.166) | - | - | High
118 | [38.54.16.10](https://vuldb.com/?ip.38.54.16.10) | - | - | High
119 | [38.54.208.217](https://vuldb.com/?ip.38.54.208.217) | - | - | High
120 | [38.55.219.137](https://vuldb.com/?ip.38.55.219.137) | - | - | High
121 | [40.90.250.107](https://vuldb.com/?ip.40.90.250.107) | - | - | High
122 | [40.140.15.8](https://vuldb.com/?ip.40.140.15.8) | h8.15.140.40.ip.windstream.net | - | High
123 | [41.33.151.150](https://vuldb.com/?ip.41.33.151.150) | host-41.33.151.150.tedata.net | - | High
124 | [41.39.34.110](https://vuldb.com/?ip.41.39.34.110) | host-41.39.34.110.tedata.net | - | High
125 | [41.143.56.7](https://vuldb.com/?ip.41.143.56.7) | - | - | High
126 | [41.168.231.6](https://vuldb.com/?ip.41.168.231.6) | - | - | High
127 | [41.215.220.238](https://vuldb.com/?ip.41.215.220.238) | bl2.41.215.220.238.dynamic.dsl.cvmultimedia.cv | - | High
128 | [41.216.182.131](https://vuldb.com/?ip.41.216.182.131) | magnamhvoqa.timefaucet.de | - | High
129 | [41.216.189.11](https://vuldb.com/?ip.41.216.189.11) | - | - | High
130 | [41.219.220.251](https://vuldb.com/?ip.41.219.220.251) | - | - | High
131 | [41.244.157.174](https://vuldb.com/?ip.41.244.157.174) | - | - | High
132 | [42.228.78.68](https://vuldb.com/?ip.42.228.78.68) | hn.kd.ny.adsl | - | High
133 | [43.156.17.183](https://vuldb.com/?ip.43.156.17.183) | - | - | High
134 | [43.228.65.13](https://vuldb.com/?ip.43.228.65.13) | - | - | High
135 | [43.240.158.14](https://vuldb.com/?ip.43.240.158.14) | - | - | High
136 | [43.249.29.56](https://vuldb.com/?ip.43.249.29.56) | - | - | High
137 | [45.8.64.237](https://vuldb.com/?ip.45.8.64.237) | - | - | High
138 | [45.12.2.72](https://vuldb.com/?ip.45.12.2.72) | contact13.marketeast.link | - | High
139 | [45.14.226.235](https://vuldb.com/?ip.45.14.226.235) | - | - | High
140 | [45.39.99.95](https://vuldb.com/?ip.45.39.99.95) | - | - | High
141 | [45.61.136.130](https://vuldb.com/?ip.45.61.136.130) | - | DDoS Ukraine | High
142 | [45.61.184.4](https://vuldb.com/?ip.45.61.184.4) | cryptoin.club | - | High
143 | [45.61.186.13](https://vuldb.com/?ip.45.61.186.13) | - | DDoS Ukraine | High
144 | [45.61.187.136](https://vuldb.com/?ip.45.61.187.136) | - | - | High
145 | [45.63.93.202](https://vuldb.com/?ip.45.63.93.202) | 45.63.93.202.vultrusercontent.com | - | High
146 | [45.76.147.47](https://vuldb.com/?ip.45.76.147.47) | 45.76.147.47.vultrusercontent.com | - | High
147 | [45.79.21.252](https://vuldb.com/?ip.45.79.21.252) | mail.mrdigital.com | - | High
148 | [45.79.126.62](https://vuldb.com/?ip.45.79.126.62) | 45-79-126-62.ip.linodeusercontent.com | - | High
149 | [45.85.190.69](https://vuldb.com/?ip.45.85.190.69) | igum.navic.shop | - | High
150 | [45.86.86.50](https://vuldb.com/?ip.45.86.86.50) | mfoxx.co.uk | - | High
151 | [45.87.42.123](https://vuldb.com/?ip.45.87.42.123) | hosted-by.triple.nl | - | High
152 | [45.88.40.116](https://vuldb.com/?ip.45.88.40.116) | service.akxtto.cn | - | High
153 | [45.88.181.46](https://vuldb.com/?ip.45.88.181.46) | pelko.incifios.org.uk | - | High
154 | [45.90.160.182](https://vuldb.com/?ip.45.90.160.182) | - | - | High
155 | [45.90.161.35](https://vuldb.com/?ip.45.90.161.35) | - | - | High
156 | [45.90.161.148](https://vuldb.com/?ip.45.90.161.148) | - | - | High
157 | [45.90.162.66](https://vuldb.com/?ip.45.90.162.66) | - | - | High
158 | [45.95.55.16](https://vuldb.com/?ip.45.95.55.16) | 45.95.55.16.fly-hosting.net | - | High
159 | [45.95.55.17](https://vuldb.com/?ip.45.95.55.17) | 45.95.55.17.fly-hosting.net | - | High
160 | [45.95.55.23](https://vuldb.com/?ip.45.95.55.23) | 45.95.55.23.fly-hosting.net | - | High
161 | [45.95.55.27](https://vuldb.com/?ip.45.95.55.27) | 45.95.55.27.fly-hosting.net | - | High
162 | [45.95.55.38](https://vuldb.com/?ip.45.95.55.38) | 45.95.55.38.fly-hosting.net | - | High
163 | [45.95.55.52](https://vuldb.com/?ip.45.95.55.52) | 45.95.55.52.fly-hosting.net | - | High
164 | [45.95.55.74](https://vuldb.com/?ip.45.95.55.74) | 45.95.55.74.fly-hosting.net | - | High
165 | [45.95.169.100](https://vuldb.com/?ip.45.95.169.100) | antoniagavve.live | - | High
166 | [45.95.169.120](https://vuldb.com/?ip.45.95.169.120) | - | - | High
167 | [45.95.169.139](https://vuldb.com/?ip.45.95.169.139) | - | - | High
168 | [45.95.169.143](https://vuldb.com/?ip.45.95.169.143) | - | - | High
169 | [45.112.205.60](https://vuldb.com/?ip.45.112.205.60) | - | - | High
170 | [45.124.84.135](https://vuldb.com/?ip.45.124.84.135) | sv-84135.bkns.vn | - | High
171 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
172 | [45.133.1.9](https://vuldb.com/?ip.45.133.1.9) | - | - | High
173 | [45.133.1.89](https://vuldb.com/?ip.45.133.1.89) | - | - | High
174 | [45.133.1.133](https://vuldb.com/?ip.45.133.1.133) | - | - | High
175 | ... | ... | ... | ...

There are 695 more IOC items available. Please use our online service to access the data.
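The table above can be consumed directly by a SOC script. The following Python example is added here and is not part of the VulDB data or tooling: it parses rows in the page's Markdown layout, applies the review caveat for shared cloud, CDN and Tor-exit infrastructure, and matches the resulting set against a few constructed firewall log lines. The five IOC rows embedded in it are copied from the table; the hostname markers, the `triage` rule and the log format are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Rows copied from the IOC table above, in the page's own Markdown layout,
# so the parser can be exercised offline. The vuldb.com link wrapper around
# the address is part of that layout.
SAMPLE_IOC_TABLE = """\
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.49.153.168](https://vuldb.com/?ip.1.49.153.168) | - | - | High
5 | [2.21.153.176](https://vuldb.com/?ip.2.21.153.176) | a2-21-153-176.deploy.static.akamaitechnologies.com | - | High
21 | [3.69.60.58](https://vuldb.com/?ip.3.69.60.58) | ec2-3-69-60-58.eu-central-1.compute.amazonaws.com | - | Medium
60 | [23.128.248.12](https://vuldb.com/?ip.23.128.248.12) | tor-exit03.stormycloud.org | - | High
141 | [45.61.136.130](https://vuldb.com/?ip.45.61.136.130) | - | DDoS Ukraine | High
175 | ... | ... | ... | ...
"""

# Hostname fragments that mark shared or frequently reassigned infrastructure
# (assumed list, extend for your environment). Blocking such an address blocks
# every tenant behind it, so the row is routed to analyst review instead of
# straight onto a block list.
SHARED_INFRA = (
    "akamaitechnologies.com",
    "cloudfront.net",
    "compute.amazonaws.com",
    "googleusercontent.com",
    "tor-exit",
)


@dataclass(frozen=True)
class Ioc:
    ip: str
    hostname: str
    campaign: str
    confidence: str


_LINK = re.compile(r"\[([^\]]+)\]\([^)]*\)")  # [text](url) -> text


def parse_ioc_table(markdown: str) -> list[Ioc]:
    """Parse data rows of the page's IOC table; header, separator and the
    '...' continuation row are skipped."""
    iocs = []
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 5 or not cells[0].isdigit():
            continue
        ip = _LINK.sub(r"\1", cells[1])
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # '...' row or a damaged cell
        iocs.append(Ioc(ip, cells[2], cells[3], cells[4]))
    return iocs


def triage(ioc: Ioc) -> str:
    """'block' only for High-confidence rows that are not shared infrastructure;
    everything else goes to 'review' (assumed policy)."""
    host = ioc.hostname.lower()
    if any(marker in host for marker in SHARED_INFRA):
        return "review"
    if ioc.confidence != "High":
        return "review"
    return "block"


_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def match_logs(log_lines, iocs):
    """Return (line_no, ip, triage) for every log line mentioning a listed IP."""
    by_ip = {i.ip: i for i in iocs}
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ip in _IPV4.findall(line):
            if ip in by_ip:
                hits.append((n, ip, triage(by_ip[ip])))
    return hits


# Constructed firewall log lines (not real traffic; RFC 5737 addresses inside).
SAMPLE_LOGS = [
    "2024-07-09T10:00:01Z fw01 DENY TCP 1.49.153.168:51234 -> 203.0.113.10:23",
    "2024-07-09T10:00:02Z fw01 ALLOW TCP 198.51.100.7:443 -> 2.21.153.176:443",
    "2024-07-09T10:00:03Z fw01 ALLOW TCP 203.0.113.10:22 -> 23.128.248.12:9001",
    "2024-07-09T10:00:04Z fw01 DENY TCP 45.61.136.130:4444 -> 203.0.113.11:2323",
    "2024-07-09T10:00:05Z fw01 ALLOW TCP 203.0.113.12:80 -> 192.0.2.5:80",
]

if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS, parse_ioc_table(SAMPLE_IOC_TABLE)):
        print(hit)
```

Run against the full table by feeding the whole page text to `parse_ioc_table`; the Akamai, EC2 and Tor-exit rows come back as `review` while the bare High-confidence addresses come back as `block`.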
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Mirai_. This data is unique as it uses our predictive model for actor profiling. Each Technique ID is paired with the weakness classes (CWE) that VulDB maps to it, and that pairing can differ from the technique's ATT&CK name (T1006, for example, is "Direct Volume Access" in ATT&CK but stands here for pathname traversal), so use the Weakness column rather than the bare ID when translating rows into detections.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28, CWE-35 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument / Code Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Mirai. This data is unique as it uses our predictive model for actor profiling. The File entries are mostly request paths and CGI endpoints of the exploited devices and applications; match them against web and device access logs after normalizing the request path, and treat the Low-confidence entries (`/bin/sh`, `/tmp`, `/export`) as generic strings that also occur in benign contexts.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `/admin/api/theme-edit/` | High
3 | File | `/Api/ASF` | Medium
4 | File | `/api/browserextension/UpdatePassword/` | High
5 | File | `/apply_noauth.cgi` | High
6 | File | `/bin/sh` | Low
7 | File | `/blogengine/api/posts` | High
8 | File | `/cgi-bin/api-get_line_status` | High
9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
10 | File | `/cgi-bin/upload_vpntar` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
13 | File | `/ctcprotocol/Protocol` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/etc/passwd` | Medium
16 | File | `/export` | Low
17 | File | `/forum/away.php` | High
18 | File | `/goform/WifiBasicSet` | High
19 | File | `/h/calendar` | Medium
20 | File | `/hrm/controller/employee.php` | High
21 | File | `/hrm/employeeadd.php` | High
22 | File | `/hrm/employeeview.php` | High
23 | File | `/hss/admin/?page=client/manage_client` | High
24 | File | `/login/index.php` | High
25 | File | `/menu.html` | Medium
26 | File | `/mhds/clinic/view_details.php` | High
27 | File | `/obs/book.php` | High
28 | File | `/picturesPreview` | High
29 | File | `/setNTP.cgi` | Medium
30 | File | `/tmp` | Low
31 | File | `/tmp/boa-temp` | High
32 | File | `/tpts/manage_user.php` | High
33 | File | `/uncpath/` | Medium
34 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
35 | File | `/view-property.php` | High
36 | File | `/webman/info.cgi` | High
37 | File | `/zhndnsdisplay.cmd` | High
38 | File | `adclick.php` | Medium
39 | File | `addrtoname.c` | Medium
40 | ... | ... | ...

There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
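The File indicators are request paths, so their practical use is hunting for them in web and device access logs. The following Python example is added here and is not VulDB's code: it reads rows in the page's layout, normalizes each logged request path (query stripped, bounded percent-decoding to cover double encoding, dot-segment collapse) so that a traversal payload of the kind covered by T1006 / CWE-22 in the TTP table compares equal to the plain path it resolves to, and flags Low-confidence indicators only when the request needed such normalization. The eight IOA rows are copied from the table; the access-log lines are constructed, and the Low-confidence rule is an assumption of this example, not a VulDB recommendation.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Rows copied from the IOA table above, in the page's Markdown layout
# (indicators are wrapped in backticks there).
SAMPLE_IOA_TABLE = """\
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
5 | File | `/apply_noauth.cgi` | High
6 | File | `/bin/sh` | Low
11 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/etc/passwd` | Medium
18 | File | `/goform/WifiBasicSet` | High
30 | File | `/tmp` | Low
38 | File | `adclick.php` | Medium
40 | ... | ... | ...
"""


def parse_ioa_files(markdown: str) -> dict[str, str]:
    """Map each File-type indicator to its confidence. Indicators that carry a
    query string (e.g. '/hss/admin/?page=...') would need separate handling."""
    out = {}
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4 or cells[1] != "File":
            continue
        out[cells[2].strip("`")] = cells[3]
    return out


def normalize_path(raw: str, max_decode: int = 3) -> str:
    """Strip the query, percent-decode (bounded, so '%252F' still resolves)
    and collapse '.' / '..' segments. '/cgi-bin/..%2F..%2Fetc%2Fpasswd'
    therefore normalizes to '/etc/passwd'."""
    path = urlsplit(raw).path or "/"
    for _ in range(max_decode):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = posixpath.normpath(path)
    if not path.startswith("/"):
        path = "/" + path
    return path


def _matches(path: str, indicator: str) -> bool:
    """Absolute indicators match exactly or as a directory prefix; relative
    ones (e.g. 'adclick.php') match as the final path component(s)."""
    ind = indicator.rstrip("/")
    if ind.startswith("/"):
        return path == ind or path.startswith(ind + "/")
    return path.endswith("/" + ind)


# Request line of the common/combined access-log format.
_REQ = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/\d(?:\.\d)?"')


def scan_access_log(lines, indicators):
    """Return (line_no, normalized_path, indicator, confidence) per hit.
    Low-confidence indicators only count when the raw request needed
    decoding or dot-segment removal to reach the match (assumed rule)."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQ.search(line)
        if not m:
            continue
        raw = m.group(1)
        path = normalize_path(raw)
        obfuscated = path != urlsplit(raw).path
        for ind, conf in indicators.items():
            if not _matches(path, ind):
                continue
            if conf == "Low" and not obfuscated:
                continue
            hits.append((n, path, ind, conf))
    return hits


# Constructed access-log lines (not real traffic; RFC 5737 client addresses).
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [09/Jul/2024:10:00:01 +0000] "POST /apply_noauth.cgi HTTP/1.1" 200 12',
    '203.0.113.6 - - [09/Jul/2024:10:00:02 +0000] "GET /cgi-bin/..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '203.0.113.7 - - [09/Jul/2024:10:00:03 +0000] "GET /goform/WifiBasicSet?wrlEn=1 HTTP/1.1" 200 5',
    '203.0.113.8 - - [09/Jul/2024:10:00:04 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 8192',
    '203.0.113.9 - - [09/Jul/2024:10:00:05 +0000] "GET /tmp HTTP/1.1" 404 0',
    '203.0.113.9 - - [09/Jul/2024:10:00:06 +0000] "GET /%74mp HTTP/1.1" 404 0',
    '203.0.113.10 - - [09/Jul/2024:10:00:07 +0000] "GET /ads/adclick.php?id=1 HTTP/1.1" 200 43',
    '203.0.113.11 - - [09/Jul/2024:10:00:08 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG, parse_ioa_files(SAMPLE_IOA_TABLE)):
        print(hit)
```

The plain `GET /tmp` on line 5 is suppressed while the encoded `/%74mp` on line 6 is reported: the same Low-confidence string is only interesting when a client went to the trouble of hiding it. Prefix matching is what catches `/debug/pprof/heap` against the `/debug/pprof` indicator.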
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://1275.ru/ioc/92/mirai-botnet-ioc/
* https://1275.ru/ioc/257/gs-005-mirai-botnet-iocs/
* https://1275.ru/ioc/266/gs-012-mirai-botnet-iocs/
* https://1275.ru/ioc/268/gs-014-mirai-botnet-iocs/
* https://1275.ru/ioc/274/gs-016-mirai-botnet-iocs/
* https://1275.ru/ioc/282/gs-018-mirai-botnet-iocs/
* https://1275.ru/ioc/288/gs-020-mirai-botnet-iocs/
* https://1275.ru/ioc/289/gs-021-mirai-botnet-iocs/
* https://1275.ru/ioc/295/gs-023-mirai-botnet-iocs/
* https://1275.ru/ioc/298/gs-024-mirai-botnet-iocs/
* https://1275.ru/ioc/300/gs-025-mirai-botnet-iocs/
* https://1275.ru/ioc/301/gs-026-mirai-botnet-iocs/
* https://1275.ru/ioc/312/gs-033-mirai-botnet-iocs/
* https://1275.ru/ioc/314/gs-034-mirai-botnet-iocs/
* https://1275.ru/ioc/318/gs-035-mirai-botnet-iocs/
* https://1275.ru/ioc/325/gs-037-mirai-botnet-iocs/
* https://1275.ru/ioc/332/gs-038-mirai-botnet-iocs/
* https://1275.ru/ioc/338/gs-040-mirai-botnet-iocs/
* https://1275.ru/ioc/340/gs-042-mirai-botnet-iocs/
* https://1275.ru/ioc/346/gs-047-mirai-botnet-iocs/
* https://1275.ru/ioc/350/gs-048-mirai-botnet-iocs/
* https://1275.ru/ioc/352/gs-049-mirai-botnet-iocs/
* https://1275.ru/ioc/354/gs-050-mirai-botnet-iocs/
* https://1275.ru/ioc/355/gs-051-mirai-botnet-iocs/
* https://1275.ru/ioc/362/gs-053-mirai-botnet-iocs/
* https://1275.ru/ioc/377/gs-056-mirai-botnet-iocs/
* https://1275.ru/ioc/379/gs-057-mirai-botnet-iocs/
* https://1275.ru/ioc/382/gs-058-mirai-botnet-iocs/
* https://1275.ru/ioc/384/gs-059-mirai-botnet-iocs/
* https://1275.ru/ioc/402/gs-062-mirai-botnet-iocs/
* https://1275.ru/ioc/405/gs-064-mirai-botnet-iocs/
* https://1275.ru/ioc/406/gs-065-mirai-botnet-iocs/
* https://1275.ru/ioc/411/gs-066-mirai-botnet-iocs/
* https://1275.ru/ioc/429/gs-069-mirai-botnet-iocs/
* https://1275.ru/ioc/490/gs-071-mirai-botnet-iocs/
* https://1275.ru/ioc/494/gs-072-mirai-botnet-iocs/
* https://1275.ru/ioc/502/gs-073-mirai-botnet-iocs/
* https://1275.ru/ioc/515/gs-074-mirai-botnet-iocs/
* https://1275.ru/ioc/519/gs-075-mirai-botnet-iocs/
* https://1275.ru/ioc/520/gs-076-mirai-botnet-iocs/
* https://1275.ru/ioc/521/gs-077-mirai-botnet-iocs/
* https://1275.ru/ioc/522/gs-078-mirai-botnet-iocs/
* https://blog.cyble.com/2022/04/12/springshell-remote-code-execution-vulnerability/
* https://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickly-on-port-23-and-2323-en/
* https://blog.netlab.360.com/emptiness-a-new-evolving-botnet/
* https://blog.netlab.360.com/gpon-exploit-in-the-wild-iii-mettle-hajime-mirai-omni-imgay/
* https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
* https://blog.netlab.360.com/wei-xie-kuai-xun-log4jlou-dong-yi-jing-bei-yong-lai-zu-jian-botnet-zhen-dui-linuxshe-bei/
* https://blog.netlab.360.com/what-our-honeypot-sees-just-one-day-after-the-spring4shell-advisory-en/
* https://blog.netlab.360.com/wo-men-kan-dao-de-wu-ke-lan-bei-ddosgong-ji-xi-jie/
* https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/log4j-indicators-of-compromise-to-date/
* https://community.blueliv.com/#!/s/5f75967582df413eac347915
* https://community.blueliv.com/#!/s/601c218082df413eb23533cf
* https://community.blueliv.com/#!/s/6051283a82df413eb5355c3b
* https://isc.sans.edu/forums/diary/Mirai+Botnet+Activity/26234/
* https://isc.sans.edu/forums/diary/Scanning+Activity+end+Goal+is+to+add+Hosts+to+Mirai+Botnet/24450/
* https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/
* https://urlhaus.abuse.ch/host/185.243.56.167/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!