New Miori Variant Uses Unique Protocol to Communicate with C&C (Jul 10, 2019)
Miori, a Mirai variant discovered by Trend Micro last year, has reappeared with a new technique for communicating with its C2 server. Mirai previously used binary-based communications with the C2 server; the Miori variant appears to use a text-based protocol instead. While scanning vulnerable hosts, the malware sends IP and account information to the C2 server and executes a malicious script. Like Mirai, the malware uses XOR for encryption, but it uses different decoding methods to further evade detection.
Recommendation: Users should always apply security updates immediately to reduce the chance of becoming infected with malware. Changing credentials can increase security and reduce unauthorized access.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.