Mirai Samples
Here there is a collection of Mirai samples we have collected for different platforms.
b0803b91933fe61b1abc91b001699058 mirai.arm d2273df4dcff8cca812104cf17a23bca mirai.arm7 c16ea02487ddcdfbae313f45de23d064 mirai.mips edeb470ad89d81dfcf72e5c9d7a9eb6c mirai.ppc 1cb8051b5a220b12a913048a23490f02 mirai.sh4
They can be downloaded in a bundle here
mirai-2016-09-28
And if you wonder what passwords are good to choose to get compromised, here it is a list of frequencies
enable:system 33.78% shell:sh 33.43% admin:admin 2.93% root:xc3511 2.39% root:vizxv 1.81% root:admin 1.61% root:xmhdipc 1.28% root:123456 1.28% root:888888 1.27% support:support 1.26% root:54321 1.21% root:juantech 1.18% root:anko 1.10% root:12345 1.08% admin: 1.03% root:default 1.01% admin:password 1.00% root:root 0.96% root: 0.93% user:user 0.81% admin:smcadmin 0.76% root:pass 0.75% admin:admin1234 0.70% root:1111 0.67% guest:12345 0.59% root:1234 0.55% root:password 0.50% root:666666 0.45% admin:1111 0.40% service:service 0.35% root:system 0.35% supervisor:supervisor 0.32% root:klv1234 0.31% administrator:1234 0.31% root:ikwb 0.30% root:Zte521 0.28% Administrator:meinsm 0.28% admin:pass 0.27% admin:4321 0.27% ubnt:ubnt 0.25%
Update: 1st October 2016! Anna-senpai released the source code of Mirai. As part of the release Anna-Senai confirms that he/she is using 3x 10gbps NForce servers for loading (distributor distributes to 3 servers equally)
The command and control of the botnet has rotated by the IPs
103.1.210.27 103.1.210.28 185.130.225.65 185.130.225.66 185.130.225.83 185.130.225.90 185.130.225.94 185.130.225.95 185.70.105.161 185.70.105.164 185.93.185.11 185.93.185.12 200.170.143.5 46.249.38.145 46.249.38.146 46.249.38.148 46.249.38.149 46.249.38.150 46.249.38.151 46.249.38.152 46.249.38.153 46.249.38.154 46.249.38.155 46.249.38.159 46.249.38.160 46.249.38.161 80.87.205.10 80.87.205.11