Description
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
Mozi.m
General
Target
Size
Sample
Mozi.m
300KB
210624-777p27gt9e
Score
9 /10
MD5
SHA1
SHA256
SHA512
04a77bca121eb725baf1f1556f192938
5c9110611a4f024be1e1bb9cfe3061c32ecc52f1
5063b629c039f293adc7c0d153d1dafb227b18f94e3e73f294f1f6f9abafd1b8
992f1f0dd6584cec4334101d93a32e81bf778f2b0c93b2aebb9be9fd90e15b384434a5cdbdd776b8b42c2c9a6c056ed66ba15bb032429dda7eed613206ad423a
Malware Config
Targets
Target
MD5
Filesize
Mozi.m
04a77bca121eb725baf1f1556f192938
300KB
Score
9/10
SHA1
SHA256
SHA512
5c9110611a4f024be1e1bb9cfe3061c32ecc52f1
5063b629c039f293adc7c0d153d1dafb227b18f94e3e73f294f1f6f9abafd1b8
992f1f0dd6584cec4334101d93a32e81bf778f2b0c93b2aebb9be9fd90e15b384434a5cdbdd776b8b42c2c9a6c056ed66ba15bb032429dda7eed613206ad423a
Signatures
-
Modifies the Watchdog daemon
-
Writes file to system bin folder
TTPs
-
Modifies hosts file
Description
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates active TCP sockets
Description
Gets active TCP sockets from /proc virtual filesystem.
TTPs
-
Reads system routing table
Description
Gets active network interfaces from /proc virtual filesystem.
TTPs
-
Reads system network configuration
Description
Uses contents of /proc filesystem to enumerate network settings.
TTPs
-
Reads runtime system information
Description
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Description
Malware often drops required files in the /tmp directory.
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks