2025-12-17: Mirai activity (Linux traffic)
Mirai malware activity detected on 2025-12-17, including the use of wget to download a bash script and several Linux executables. The script was fetched from 158.94.210[.]88/jaws, and the infected host attempted connections over TCP ports 23 and 37215. The associated pcap files and malware samples are provided for analysis. 2025-12-22 05:50:0 Author: www.malware-traffic-analysis.net

2025-12-17 (WEDNESDAY): MIRAI ACTIVITY (LINUX TRAFFIC)

ASSOCIATED FILES:

2025-12-17 (WEDNESDAY): MIRAI ACTIVITY

NOTES:

- I saw in-the-wild scans/probes as recently as 2025-12-03 that used wget to run a bash script from:
  -- 158.94.210[.]88/jaws
  -- The user-agent in the HTTP headers was: Hello, world
- On 2025-12-17, I fired up a Linux VM and ran the script returned from 158.94.210[.]88/jaws
- This blog post contains the associated pcaps and malware from the activity.

ASSOCIATED FILES:

- SHA256 hash: 75eadf63fa491843ff2580532080b3e664b37a7acc44a29fdeda3922bee1b6b8
- File size: 4,816 bytes
- File type: Bourne-Again shell script text executable, ASCII text, with very long lines (349)
- File location: hxxp[:]//158.94.210[.]88/jaws
- File description: bash script to retrieve and run files for Mirai

- SHA256 hash: 5a5be8301b1b61d5ffe08de1b358574f72fad83a739b9e12ae70e93fa6ba5b14
- File size: 96,408 bytes
- File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
- File location: hxxp[:]//158.94.210[.]88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips
- File description: Linux executable file for Mirai

- SHA256 hash: 85e6515d887fb0ddf498df540c1a71b10438f722d85b95d613e0cbe37b7c4261
- File size: 97,224 bytes
- File type: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
- File location: hxxp[:]//158.94.210[.]88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
- File description: Linux executable file for Mirai

- SHA256 hash: 74ee95ea935954d8320594f45a3ed34d956637f399d927d75f080648800106a0
- File size: 66,544 bytes
- File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
- File location: hxxp[:]//158.94.210[.]88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
- File description: Linux executable file for Mirai

POST INFECTION TRAFFIC:

- Various IP addresses over TCP port 23 - Attempted Telnet connections
- Various IP addresses over TCP port 37215 - Attempted TCP connections
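As an added example (not part of the original post), a small Python detector that applies the indicators above to constructed log records: it flags the wget fetch by its "Hello, world" User-Agent and /jaws URI path, and flags any host fanning out to many distinct destinations on TCP 23 or 37215, the pattern of the post-infection scanning. The record formats, the alert threshold and the sample IP addresses are assumptions, not taken from the post's pcap.

```python
import re
from collections import defaultdict

# Indicators from the post: the wget User-Agent and the script's URI path.
SUSPICIOUS_UA = "Hello, world"
SUSPICIOUS_PATH = "/jaws"
SCAN_PORTS = {23, 37215}   # post-infection scan ports seen in the pcap
SCAN_THRESHOLD = 5         # distinct targets per source before alerting (assumed tuning value)

# Simplified record formats (assumed, not a real tool's log):
#   http: ts src dst method path "user-agent"     conn: ts src dst dport state
HTTP_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
CONN_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d+) (\S+)$')

def detect_downloader(http_lines):
    """Return (src, dst, path, reasons) for requests matching the downloader indicators."""
    alerts = []
    for line in http_lines:
        m = HTTP_RE.match(line)
        if not m:
            continue  # skip malformed records rather than crash on them
        _ts, src, dst, _method, path, ua = m.groups()
        reasons = [r for r, hit in (("user-agent", ua == SUSPICIOUS_UA),
                                    ("uri-path", path.endswith(SUSPICIOUS_PATH))) if hit]
        if reasons:
            alerts.append((src, dst, path, ",".join(reasons)))
    return alerts

def detect_scanning(conn_lines, threshold=SCAN_THRESHOLD):
    """Return {(src, dport): target_count} for sources fanning out on Telnet/37215."""
    targets = defaultdict(set)
    for line in conn_lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        _ts, src, dst, dport, _state = m.groups()
        if int(dport) in SCAN_PORTS:
            targets[(src, int(dport))].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= threshold}

# Constructed sample records (documentation-range IPs); only the first HTTP line and the
# Telnet fan-out from 10.0.0.23 are meant to trip the rules.
HTTP_SAMPLE = [
    '2025-12-17T14:02:11Z 10.0.0.23 158.94.210.88 GET /jaws "Hello, world"',
    '2025-12-17T14:05:02Z 10.0.0.7 203.0.113.80 GET /index.html "Mozilla/5.0"',
]
CONN_SAMPLE = [f'2025-12-17T14:06:{i:02d}Z 10.0.0.23 198.51.100.{i} 23 S0' for i in range(1, 7)]
CONN_SAMPLE += ['2025-12-17T14:07:00Z 10.0.0.23 203.0.113.9 37215 S0',
                '2025-12-17T14:07:05Z 10.0.0.7 203.0.113.10 443 SF']
```

Running `detect_downloader(HTTP_SAMPLE)` and `detect_scanning(CONN_SAMPLE)` on the constructed records flags only the /jaws fetch and the six-target Telnet fan-out; the single 37215 attempt stays below the threshold.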



Article source: https://www.malware-traffic-analysis.net/2025/12/17/index.html