
The exploitation of vulnerabilities in smart devices has been a persistent problem for many internet of things (IoT) users. Perhaps the most infamous IoT threat is the constantly evolving Mirai malware, which has been used in many past campaigns that compromised devices with default or weak credentials. Different Mirai variants and derivatives have cropped up since its source code was leaked in 2016. We analyzed another Mirai variant called “Miori,” which is being spread through a Remote Code Execution (RCE) vulnerability in the PHP framework, ThinkPHP. The exploit related to the vulnerability is relatively new - details about it have only surfaced on December 11. For its arrival method, the IoT botnet uses the said exploit, which affects ThinkPHP versions prior to 5.0.23 and 5.1.31. Interestingly, our Smart Protection Network also showed a recent increase in events related to the ThinkPHP RCE.

Aside from Miori, several known Mirai variants like IZ1H9 and APEP were also spotted using the same RCE exploit for their arrival method. We expect malicious actors to abuse the ThinkPHP exploit for their respective gains. The aforementioned variants all use factory default credentials via Telnet to log in and spread to other devices. Once any of these Mirai variants infects a Linux machine, it will become part of a botnet that facilitates distributed denial-of-service (DDoS) attacks. Miori is just one of the many Mirai offshoots.
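The only concrete, actionable detail in the passage for a defender is the version boundary: ThinkPHP releases before 5.0.23 on the 5.0 branch and before 5.1.31 on the 5.1 branch are exposed. The following is an added example, not code from the original post or from Trend Micro, that turns that boundary into an inventory triage check. It assumes a simple `host -> version string` mapping as input; the hostnames and versions in `SAMPLE_INVENTORY` are constructed for illustration, and versions on branches the text does not mention (e.g. 3.x) are deliberately reported as unknown rather than guessed.

```python
import re
from typing import Optional, Tuple

# Fixed versions as stated in the text: releases before 5.0.23 (5.0 branch)
# and before 5.1.31 (5.1 branch) are affected. Other branches are not covered
# here, so they are reported as unknown rather than assumed safe.
FIXED_VERSIONS = {
    (5, 0): (5, 0, 23),
    (5, 1): (5, 1, 31),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse '5.0.22' or 'v5.1.31' into (major, minor, patch); None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def thinkphp_affected(version_text: str) -> Optional[bool]:
    """True if the version predates the fix on its branch, False if it is at or
    past the fix, None if the branch is not covered or the string is unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def triage_inventory(inventory: dict) -> dict:
    """Group hosts into affected / fixed / unknown for a patch-priority list."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in inventory.items():
        status = thinkphp_affected(version_text)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["affected"].append(host)
        else:
            result["fixed"].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames and versions, not from the page).
SAMPLE_INVENTORY = {
    "web-01": "5.0.22",
    "web-02": "5.0.23",
    "web-03": "v5.1.30",
    "web-04": "5.1.31",
    "web-05": "3.2.3",
    "web-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The point of the three-way result is that "unknown" hosts need a human look (the version string was missing, or the branch is not one the text describes) instead of silently dropping out of the affected list.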
