Rewterz Threat Alert – Mirai Botnet – Active IOCs

Severity

High

Analysis Summary

A new Mirai variant is making the rounds called mirai_pteamirai. This botnet is one of the significant botnets targeting exposed networking devices running Linux. Mirai means ‘future’ in Japanese. This botnet is one of the active botnet and used to cause DDoS conditions. IP cameras, home routers, and other IoT devices are the common targets of this botnet.

Impact

• Server Outage
• Data Loss
• Website Downtime

Indicators of Compromise

MD5

• 2d5dfafa280e1648d1ba9dcc7a19c7cf
• b0cf4e848722819a6d6de973f053543a
• d7abeb829bdd88dedcb5be36886c1d2d
• c82a1d08d037dc72c22024968d321bac
• 4c6847ae594c12dbab6bf1e8b22134fa
• d2e9ad649205ed4c3d91e883de41fb54
• b74f19ef18e43a0e3d4328bb71c4a15f

SHA-256

• b7c7f94d807ef9d683e74c5b493f579013c04cfb3372c91a1883e5535e351ff5
• 4bdc8f7efdc445f8b01b7880bb9ecf0cddaa31fbee7df51c1e3b68d86751dc65
• b491c05cf9cbf677808f117663e6ad36a36f6ffd8b8e74a591711431ae9deb67
• 3db939f47de8013a9aa483150567acab61feb3a907e94eadc87d38a8a4d268f6
• 1598d82dfe9b65cfa35d722e8e654e2c3ef48c2c513dcf4dd933901f74a53b30
• 7817f722065b9f9a8b7a10cb9df91371675daea82dcbdf043bae9ebbf11aab14
• e5345b86fce8ae2c4c25586b00ffc7e8e6699f3a4f9a8755d770824719c390ba

SHA-1

• ef2b8c46a94ffe3e95b23477ea669a0936d6c675
• 7f9aa6fc0568958317269e2759cb53a960021491
• 8cf25862ecfaef07e656ae5f079adc9bb5709177
• 5c297f9c0dbbf732c6483434ffd8acb3304825ac
• e022f0f0430133b11b8f9494f0d24006267fa8d4
• bf722cd1a342bd43e4a25434b6c088c680ae7cd9
• ccb90db93dfe301d9aefb09578cb197dd144b7c7

Remediation

• Upgrade your operating system.
• Don’t open files and links from unknown sources.
• Install and run anti-virus scans.