IoT.Linux.MIRAI.VWISI

它以其他恶意软件释放的文件或用户访问恶意网站时不知不觉下载的文件的形式到达系统。

新病毒详细信息

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

其他详细信息

该程序执行以下操作：

• It uses the following credentials to try to login to other devices:
  • taZz@23495859
  • root
  • tsgoingon
  • solokey
  • admin
  • default
  • user
  • guest
  • telnetadmin
  • 1111
  • 1234
  • 12345
  • 123456
  • 54321
  • 88888888
  • 20080826
  • 666666
  • 1001chin
  • xc3511
  • vizxv
  • 5up
  • jvbzd
  • hg2x0
  • Zte521
  • grouter
  • telnet
  • oelinux123
  • tl789
  • GM8182
  • hunt5759
  • telecomadmin
  • twe8ehome
  • h3c
  • nmgx_wapia
  • private
  • abc123
  • ROOT500
  • ahetzip8
  • anko
  • ascend
  • blender
  • cat1029
  • changeme
  • iDirect
  • nflection
  • ipcam_rt5350
  • swsbzkgn
  • juantech
  • pass
  • password
  • svgodie
  • t0talc0ntr0l4!
  • zhongxing
  • zlxx.
  • zsun1188
  • xmhdipc
  • klv123
  • hi3518
  • dreambox
  • system
  • iwkb
  • realtek
  • 00000000
  • huigu309
  • win1dows
  • antslq
• It displays the following string once executed in the command line:
  • unstableishere
• It may spread to other devices by taking advantage of the following vulnerabilities:
  • Symantec Web Gateway 5.0.2.8 - Remote Code Execution
  • D-Link Devices - UPnP SOAP Command Execution
  • Linksys E-series - Remote Code Execution
  • AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
  • MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution
  • CVE-2018-17173| LG SuperSign EZ CMS 2.5 - Remote Code Execution
  • ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
  • Netlink GPON Router 1.0.11 - Remote Code Execution
  • CVE-2020-10173 | Comtrend VR-3033 - Command Injection