Notes on Mirai Botnet

Source Code

REF
/mirai/bot/scanner.c
lines 688-701
NOTE
Scanner is used to find vulnerable IoT devices.
Hard coded IP addresses to avoid.

REF
/mirai/bot/killer.c
line 253 (definition) and line 86 (example usage)
NOTE
Bot's territorial nature shown by killing other processes running based on their ports.

REF
/mirai/bot/table.h
lines 20-33
NOTE
Defining strings and values that can be used to for several functions.
Possibly an obfuscation technique. As strings can be referenced from here rather than hardcoded in.

Back to Notes List