New(ish) Mirai Spreader Poses New Risks
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a3ae7984-43e0-4b05-a8ca-7ed6b698c82c |
| Fingerprint | 851e96df2f8711be |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2017, 8:56 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | New(ish) Mirai Spreader Poses New Risks |
| Title | New(ish) Mirai Spreader Poses New Risks |
| Detected Hints/Tags/Attributes | 78/3/172 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | downs.b591.com |
|
| Details | Domain | 1 | down.mykings.pw |
|
| Details | Domain | 1 | up.mykings.pw |
|
| Details | Domain | 1 | img1.timeface.cn |
|
| Details | Domain | 1 | dwon.f321y.com |
|
| Details | Domain | 1 | down2.b5w91.com |
|
| Details | Domain | 1 | down.f4321y.com |
|
| Details | Domain | 2 | up.f4321y.com |
|
| Details | Domain | 3 | js.f4321y.com |
|
| Details | Domain | 1 | down.b591.com |
|
| Details | Domain | 1 | down2.b591.com |
|
| Details | Domain | 1 | dwon.kill1234.com |
|
| Details | Domain | 1 | malwaremusings.com |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | Domain | 19 | blog.malwaremustdie.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 145 | threatpost.com |
|
| Details | File | 2 | ups.rar |
|
| Details | File | 5 | cab.exe |
|
| Details | File | 7 | ms.exe |
|
| Details | File | 5 | cftmon.exe |
|
| Details | File | 1 | c:\windows\system\msinfo.exe |
|
| Details | File | 7 | update.txt |
|
| Details | File | 7 | ver.txt |
|
| Details | File | 1 | b27590a4b89d31dc0210c3158b82c175.jpg |
|
| Details | File | 2 | my1.html |
|
| Details | File | 1 | c:\windows\system\my1.bat |
|
| Details | File | 1 | c:\windows\system\upslist.txt |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1 | c:\program files\kugou2010\ms.exe |
|
| Details | File | 1 | checkupdate.cpp |
|
| Details | File | 1 | cracker_inline.cpp |
|
| Details | File | 1 | cracker_standalone.cpp |
|
| Details | File | 1 | cservice.cpp |
|
| Details | File | 1 | cthreadpool.cpp |
|
| Details | File | 1 | db_mysql.cpp |
|
| Details | File | 1 | dispatcher.cpp |
|
| Details | File | 1 | ipfetcher.cpp |
|
| Details | File | 1 | libtelnet.cpp |
|
| Details | File | 1 | logger_stdout.cpp |
|
| Details | File | 1 | scanner_tcp_connect.cpp |
|
| Details | File | 1 | scanner_tcp_raw.cpp |
|
| Details | File | 1 | serveragent.cpp |
|
| Details | File | 1 | task_crack_ipc.cpp |
|
| Details | File | 1 | task_crack_mssql.cpp |
|
| Details | File | 1 | task_crack_mysql.cpp |
|
| Details | File | 1 | task_crack_rdp.cpp |
|
| Details | File | 1 | task_crack_ssh.cpp |
|
| Details | File | 1 | task_crack_telnet.cpp |
|
| Details | File | 1 | task_crack_wmi.cpp |
|
| Details | File | 1 | task_scan.cpp |
|
| Details | File | 1 | wpd.cpp |
|
| Details | File | 1 | catdbsvc.cpp |
|
| Details | File | 1 | catadnew.cpp |
|
| Details | File | 1 | catdbcli.cpp |
|
| Details | File | 1 | waitsvc.cpp |
|
| Details | File | 1 | errlog.cpp |
|
| Details | File | 48 | trojan.bat |
|
| Details | File | 9 | mysql.exe |
|
| Details | File | 1 | kill.html |
|
| Details | File | 25 | test.html |
|
| Details | File | 1 | wpdmd5.txt |
|
| Details | File | 1 | wpd.dat |
|
| Details | File | 4 | item.dat |
|
| Details | File | 6 | ups.exe |
|
| Details | File | 1 | cao.exe |
|
| Details | File | 1 | cab.rar |
|
| Details | File | 1 | cacls.rar |
|
| Details | File | 1 | c:\downs\runs.exe |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 5 | scrrun.dll |
|
| Details | File | 1 | msado15.dll |
|
| Details | File | 27 | jscript.dll |
|
| Details | File | 23 | vbscript.dll |
|
| Details | File | 62 | scrobj.dll |
|
| Details | File | 1 | c:\download cacls cmd.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 30 | ftp.exe |
|
| Details | File | 1 | c:\windows\help\akpls.exe |
|
| Details | File | 1 | c:\windows\system32\wbem\se.bat |
|
| Details | File | 1 | c:\windows\system32\wbem\12345.bat |
|
| Details | File | 1 | c:\windows\system32\wbem\123456.bat |
|
| Details | File | 1 | c:\windows\system32\wbem\1234.bat |
|
| Details | File | 4 | mmd-0056-2016-linuxmirai-just.html |
|
| Details | md5 | 1 | fb7b79e9337565965303c159f399f41b |
|
| Details | md5 | 1 | 5707f1e71da33a1ab9fe2796dbe3fc74 |
|
| Details | md5 | 1 | 02b0021e6cd5f82b8340ad37edc742a0 |
|
| Details | md5 | 1 | bf3b211fa17a0eb4ca5dcdee4e0d1256 |
|
| Details | md5 | 1 | b27590a4b89d31dc0210c3158b82c175 |
|
| Details | md5 | 1 | 64f0f4b45626e855b92a4764de62411b |
|
| Details | md5 | 1 | 10164584800228de0003a37be3a61c4d |
|
| Details | md5 | 1 | ad0496f544762a95af11f9314e434e94 |
|
| Details | md5 | 1 | e7761db0f63bc09cf5e4193fd6926c5e |
|
| Details | md5 | 1 | c88ece9a379f4a714afaf5b8615fc66c |
|
| Details | md5 | 1 | 91a12a4cf437589ba70b1687f5acad19 |
|
| Details | md5 | 1 | a3c09c2c3216a3a24dce18fd60a5ffc2 |
|
| Details | md5 | 1 | 297d1980ce171ddaeb7002bc020fe6b6 |
|
| Details | md5 | 1 | a4c7eb57bb7192a226ac0fb6a80f2164 |
|
| Details | md5 | 1 | fd7f188b853d5eef3760228159698fd8 |
|
| Details | md5 | 1 | cbe2648663ff1d548e036cbe4351be39 |
|
| Details | md5 | 1 | eb814d4e8473e75dcbb4b6c5ab1fa95b |
|
| Details | md5 | 1 | 04eb90800dff297e74ba7b81630eb5f7 |
|
| Details | md5 | 1 | 508f53df8840f40296434dfb36087a17 |
|
| Details | md5 | 1 | 93ccd8225c8695cade5535726b0dd0b6 |
|
| Details | md5 | 1 | 62270a12707a4dcf1865ba766aeda9bc |
|
| Details | md5 | 1 | 43e7580e15152b67112d3dad71c247ec |
|
| Details | md5 | 1 | 0779a417e2bc6bfac28f4fb79293ec34 |
|
| Details | md5 | 1 | ac8d3581841b8c924a76e7e0d5fced8d |
|
| Details | md5 | 1 | cf1ba0472eed104bdf03a1712b3b8e3d |
|
| Details | md5 | 1 | 4eee4cd06367b9eac405870ea2fd2094 |
|
| Details | md5 | 1 | 21d291a8027e6de5095f033d594685d0 |
|
| Details | md5 | 1 | 097d32a1dc4f8ca19a255c401c5ab2b6 |
|
| Details | md5 | 1 | 5950dfc2f350587a7e88fa012b3f8d92 |
|
| Details | md5 | 1 | 2d411f5f92984a95d4c93c5873d9ae00 |
|
| Details | md5 | 1 | 9a83639881c1a707d8bbd70f871004a0 |
|
| Details | md5 | 1 | 5cae130b4ee424ba9d9fa62cf1218679 |
|
| Details | md5 | 1 | 2346135f2794de4734b9d9a27dc850e1 |
|
| Details | md5 | 1 | fe7d9bdbf6f314b471f89f17b35bfbcd |
|
| Details | md5 | 1 | c289c15d0f7e694382a7e0a2dc8bdfd8 |
|
| Details | md5 | 1 | 9098e520c4c1255299a2512e5e1135ba |
|
| Details | md5 | 1 | db2a34ac873177b297208719fad97ffa |
|
| Details | md5 | 1 | defff110df48eb72c16ce88ffb3b2207 |
|
| Details | md5 | 1 | c75bd297b87d71c8c73e6e27348c67d5 |
|
| Details | md5 | 1 | 5af3bab901735575d5d0958921174b17 |
|
| Details | md5 | 1 | 1a6fea56dc4ee1c445054e6bc208ce4f |
|
| Details | md5 | 1 | ae173e8562f6babacb8e09d0d6c29276 |
|
| Details | IPv4 | 13 | 114.114.114.114 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 67.229.225.20 |
|
| Details | Url | 1 | http://down.mykings.pw:8888/ups.rar |
|
| Details | Url | 1 | http://up.mykings.pw:8888/ups.rar |
|
| Details | Url | 1 | http://up.mykings.pw:8888/update.txt |
|
| Details | Url | 1 | http://up.mykings.pw:8888/ver.txt |
|
| Details | Url | 1 | http://img1.timeface.cn/times/b27590a4b89d31dc0210c3158b82c175.jpg |
|
| Details | Url | 1 | http://down.mykings.pw:8888/my1.html |
|
| Details | Url | 1 | http://dwon.f321y.com:280/mysql.exe |
|
| Details | Url | 1 | https://down2.b5w91.com:8443 |
|
| Details | Url | 1 | http://down.f4321y.com:8888/kill.html |
|
| Details | Url | 1 | http://down.f4321y.com:8888/test.html |
|
| Details | Url | 1 | http://down.f4321y.com:8888/ups.rar |
|
| Details | Url | 1 | http://67.229.225.20 |
|
| Details | Url | 1 | http://down.f4321y.com |
|
| Details | Url | 1 | http://up.f4321y.com |
|
| Details | Url | 1 | http://up.f4321y.com:8888/ver.txt |
|
| Details | Url | 1 | http://up.f4321y.com:8888/ups.rar |
|
| Details | Url | 1 | http://up.f4321y.com:8888/update.txt |
|
| Details | Url | 1 | http://up.f4321y.com:8888/wpdmd5.txt |
|
| Details | Url | 1 | http://up.f4321y.com:8888/wpd.dat |
|
| Details | Url | 1 | http://down.f4321y.com:8888/my1.html |
|
| Details | Url | 1 | http://up.mykings.pw:8888/wpdmd5.txt |
|
| Details | Url | 1 | http://up.mykings.pw:8888/wpd.dat |
|
| Details | Url | 1 | http://down.mykings.pw:8888/item.dat |
|
| Details | Url | 3 | http://js.f4321y.com:280/v.sct |
|
| Details | Url | 1 | http://down.b591.com:8888/ups.exe |
|
| Details | Url | 1 | http://down.b591.com:8888/ups.rar |
|
| Details | Url | 1 | http://down2.b591.com:8888/ups.rar |
|
| Details | Url | 1 | http://down2.b591.com:8888/wpd.dat |
|
| Details | Url | 1 | http://down2.b591.com:8888/wpdmd5.txt |
|
| Details | Url | 1 | http://down2.b591.com:8888/ver.txt |
|
| Details | Url | 1 | http://down.b591.com:8888/test.html |
|
| Details | Url | 1 | http://dwon.kill1234.com:280/cao.exe |
|
| Details | Url | 1 | http://down.b591.com:8888/cab.rar |
|
| Details | Url | 1 | http://down.b591.com:8888/cacls.rar |
|
| Details | Url | 1 | http://down.b591.com:8888/kill.html |
|
| Details | Url | 1 | https://malwaremusings.com/2013/04/10/a-look-at-some-ms-sql-attacks-overview |
|
| Details | Url | 1 | https://isc.sans.edu/diary/21543 |
|
| Details | Url | 1 | http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html?m=1 |
|
| Details | Url | 1 | https://securelist.com/blog/research/76954/is-mirai-really-as-black-as-its-being-painted |
|
| Details | Url | 1 | https://threatpost.com/mirai-fueled-iot-botnet-behind-ddos-attacks-on-dns-providers/121475 |
|
| Details | Url | 1 | https://securelist.com/analysis/quarterly-malware-reports/77412/ddos-attacks-in-q4-2016 |
|
| Details | Windows Registry Key | 41 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |