Score: | 76 |
Range: | 0 - 100 |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
|
AV Detection |
|
---|
Source: |
Avira: |
Source: |
Virustotal: |
Source: |
ReversingLabs: |
Spreading |
|
---|
Source: |
Opens: |
Networking |
|
---|
Source: |
Iptables executable using switch for changing the iptables rules: |
Source: |
UDP traffic: |
Source: |
Iptables executable: |
Source: |
Reads hosts file: |
Source: |
UDP traffic detected without corresponding DNS query: |
Source: |
DNS traffic detected: |
Source: |
Program segment: |
Source: |
Classification label: |
Persistence and Installation Behavior |
|
---|
Source: |
Iptables executable using switch for changing the iptables rules: |
Source: |
Directory: |
Source: |
File opened: |
Source: |
Shell command executed: |
Source: |
Iptables executable: |
Source: |
Stderr: iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directory Try `iptables -h' or 'iptables --help' for more information. iptables: No chain/target/match by that name. |
Hooking and other Techniques for Hiding and Protection |
|
---|
Source: |
File: |
Source: |
Submission file: |
Source: |
Queries kernel information via 'uname': |
Source: |
Binary or memory string: |
Stealing of Sensitive Information |
|
---|
Source: |
File source: |
Remote Access Functionality |
|
---|
Source: |
File source: |
Name | IP | Active |
---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true |
router.bittorrent.com | 67.215.246.10 | true |
router.utorrent.com | 82.221.103.244 | true |