This new Mirai variant exploits CVE-2020-10173, a vulnerability in Comtrend VR-3033 routers. Similar to earlier variants, this Mirai variant uses telnet and SSH brute-forcing techniques to attack vulnerable devices.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Arrival Details

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor Routine

This Backdoor connects to the following URL(s) to send and receive commands from a remote malicious user:

  • methcnc.{BLOCKED}s.org
  • methscan.{BLOCKED}s.org

Denial of Service (DoS) Attack

This Backdoor is capable of performing various network denial-of-service (DoS) attacks:

    Other Details

    This Backdoor does the following: