Most Destructive IoT malware Mirai now being delivered as Miori and its spreading via dangerous remote code execution exploits.
Mirai malware has strong records of infecting poorly managing IoT devices and performing DDOS attacks on various platforms.
In order to run the malware on cross-platform, it must be able to run on different architectures without any runtime surprises or misconfiguration
The Mirai botnet was used in some of the largest and most disruptive distributed
Miori now spreading via Remote code execution vulnerability in
the PHP framework called ThinkPHP and the exploit for this vulnerability is completely new that affected ThinkPHP versions prior to 5.0.23 and 5.1.31.
Also researcher conforms that the infection rate is keep increasing related to ThinkPHP RCE around smart devices.
Apart from this, several Mirai malware various are being distributed by exploiting the same ThinkPHP RCE vulnerability.
Infection distributed via other connected device by
Miori & Mirai
Later they download the malware variant from the command and control
RCE downloads and executes Miori malware
After the malware execution process, it will generate a console that starts the Telnet to brute force other IP addresses.
In order to receive the command from
|/bin/busybox kill -9|
/bin/busybox MIORI (infection verification)
/bin/busybox ps (kills parameters)
lolistresser[.]com (C&C server)
MIORI: applet not found (infection verification)
TSource Engine Query
your device just got infected to a bootnoot
Related Miori credentials and strings
“It should be noted that aside from brute-force via Telnet, APEP also spreads by taking advantage of CVE-2017-17215, which involves another RCE vulnerability and affects Huawei HG532 router devices, for its attacks.”Trend Micro said.