Mirai is one of the most famous pieces of malicious software, targeting production appliances such as IP cameras and DVRs. Its goal is to gain full control of these devices. The malware exploits vulnerable ports, default credentials and various vulnerabilities. It then adds the devices to a botnet.
Using Tor helps to avoid detection.
A Trend Micro researcher has discovered a sample of four C&C servers with 30 hard-coded IP addresses. The researchers isolated the sample in a sandbox environment and studied it.
After their study, the researchers confirmed that the hackers had in fact used the Tor network.
The new version of Mirai scans TCP ports 9527 and 34567 to find unprotected IP cameras and DVRs so that the hackers can gain remote access to the devices.
After scanning, the hackers use regular or default access credentials to access infected devices.
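The scanning behaviour described above can be watched for at a network gateway. The following is an added example, not code from Trend Micro or from the original article: it reads firewall log lines and reports sources probing TCP 9527 and 34567 across several hosts, plus the hosts that were probed. The iptables-style `SRC=/DST=/PROTO=/DPT=` log format, the function names and the threshold of three targets are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Ports this article says the Mirai variant probes for IP cameras and DVRs.
WATCHED_PORTS = {9527, 34567}
# SRC/DST/PROTO/DPT fields of an iptables-style LOG line (assumed log format).
FIELDS = re.compile(r"SRC=(\S+) DST=(\S+).*?PROTO=(\S+).*?DPT=(\d+)")

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jul 30 10:00:01 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=9527
Jul 30 10:00:01 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=9527
Jul 30 10:00:02 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=40114 DPT=34567
Jul 30 10:00:05 gw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Jul 30 10:00:09 gw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.11 PROTO=TCP SPT=51999 DPT=34567
Jul 30 10:00:10 gw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.11 PROTO=UDP SPT=5353 DPT=9527
malformed line without fields
""".splitlines()

def probes(lines):
    """Yield (src, dst, port) for each TCP packet aimed at a watched port."""
    for line in lines:
        m = FIELDS.search(line)
        if not m:
            continue  # not a packet record
        src, dst, proto, dport = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if proto == "TCP" and dport in WATCHED_PORTS:
            yield src, dst, dport

def find_scanners(lines, min_targets=3):
    """Sources that probed watched ports on at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for src, dst, _port in probes(lines):
        targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}

def probed_devices(lines):
    """Hosts that received any probe: candidates for a default-credential audit."""
    hit = defaultdict(set)
    for _src, dst, port in probes(lines):
        hit[dst].add(port)
    return {dst: sorted(ports) for dst, ports in hit.items()}

if __name__ == "__main__":
    print("scanners:", find_scanners(SAMPLE_LOG))
    print("probed devices:", probed_devices(SAMPLE_LOG))
```

Hosts listed by `probed_devices` are the ones to check first for default credentials and for whether those ports need to be reachable at all.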
Researchers at Trend Micro have discovered a DDoS command, sent from the C&C server, for a UDP flood attack on a specific IP address.
The attackers decided to place the C&C server on Tor to avoid having their IP address tracked.
Researchers also discovered another distribution server. Apparently, the hackers designed the new version of Mirai to attack multiple networks. Experts recommend that ordinary users and businesses update their systems and devices with the latest patches. Default credentials must also be changed and replaced with more complex, stronger passwords, and multiple authentication systems should be implemented to avoid such attacks.