Results for mirai

Threat Research

DDoS-for-Hire Service Powered by Bushido Botnet

The FortiGuard Labs team recently discovered a new platform offering DDoS-for-hire service called “0x-booter.” First appearing on October 17, 2018, 0x-booter is available to anyone who signs up on the website. As shown in the following figures, this service comes with an explicitly defined user interface which enables practically anyone to learn and use the service.

By Rommel Joven and Evgeny AnaninOctober 26, 2018

Threat Research

Hack in the Box GSEC Wrap Up

Hack in The Box (HITB) GSEC is a security conference that was held from the 27th to the 31st of August 2018 in Singapore. This was its 4th iteration, and this year it was split into two different sub-tracks: “GSec” and “CommSec.”

By Minh TranSeptember 07, 2018

Threat Research

Hide ‘N Seek: From Home Routers to Smart Home Insecurities

In this report we will take a look at HNS evolution and how it was able to add exploits on a regular basis over the past several months without making headlines.

Threat Research

Shinoa, Owari, Mirai: What's with All the Anime References?

In September 2016, the Mirai source code was leaked on Hack Forums. Ever since, there has been an explosion of malware targeting IoT devices, each bearing the name of a protagonist found in Japanese anime. FortiGuard Labs has been tracking these IoT botnets in order to provide the best possible protection for our customers.

By Minh TranMay 25, 2018

Threat Research

A Wicked Family of Bots

As we continue to keep track of the latest IoT botnets, the FortiGuard Labs team has seen an increasing number of Mirai variants, thanks to the source code being made public two years ago. Since then, threat actors have been adding their own flavours to the original recipe.

Threat Research

Searching for the Reuse of Mirai Code: Hide ‘N Seek Bot

At FortiGuard Labs we were interested in searching out other malware that leverages Mirai code modules. Interestingly, one of the families that showed up in our search was the Hide ‘N Seek (HNS) bot, which was discovered in January of 2018. HNS is a complex botnet that uses P2P to communicate with peers/other infected devices to receive commands. In this article, I will discuss how the Mirai bot code was used in this HNS bot.

By Jasper ManuelApril 16, 2018

Threat Research

RootedCon Wrap Up

RootedCon is a security conference held from the 1st to the 3rd of March in Madrid, Spain. This year’s conference was the ninth iteration, and one could see the results of those years of experience in the flawless organization at the event.

By Dario DurandoMarch 16, 2018

Threat Research

Dreambot 2017 vs. ISFB 2013

We recently received a malware sample recently that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.

By Jerome CruzMarch 16, 2018

Threat Research

OMG: Mirai-based Bot Turns IoT Devices into Proxy Servers

In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.

Satori Adds Known Exploit Chain to Enslave Wireless IP Cameras

Satori, a Mirai based IoT bot, has been one of the most actively updated exploits in recent months. It is believed that the hacker behind this bot is also the author of other Mirai variants, known as Okiru, and Masuta. FortiGuard Labs researchers recently observed a new Satori version that had added a known exploit chain (one which had been used in the past by the Persirai bot) to enable it to spread to vulnerable devices, particularly, wireless IP cameras that run a vulnerable custom version of the GoAhead web server.