Mirai Botnet's Extended Army Takes Aim at IoT Devices

What’s the latest update?

• Palo Alto researchers found four new variants of Mirai from two recently discovered campaigns. These variants leveraged two command injection vulnerability exploits as attack vectors to deliver the malware. 
• The first exploit targeted a command injection vulnerability in web service with an NTP server setting feature and the second exploit was associated with a flaw in HTTP request headers.
• The variants, named Variant One, Variant Two, Variant Three, and Variant Four, possessed the necessary functionality to launch DDoS attacks. However, Variant Four was presented as the most dangerous of all other variants. 

That’s not all

• In the first week of October, a variant of the Mirai, called Ttint, was uncovered launching attacks against Tenda routers.
• One of its kind, the variant came with DDoS capabilities, along with RAT and spyware functions. 
• Overall, Ttint can carry out 10 typical Mirai DDoS attack instructions, along with 12 RAT instructions and 22 custom C2 commands.  
• During the same time period, researchers also spotted an attack leveraging the Demonbot variant of Mirai, along with a second variant of Mirai developed by Scarface.
• Launched by the Priority threat actor group, the attack vigorously scanned ports 5500, 5501, 5502, 5050, and 60001 to gain access to devices. 

What to infer from this?