
The source code of the components of the Mirai IoT botnet is freely available.


Last week, several powerful DDoS attacks were detected. First, journalist Brian Krebs was hit: his site came under a DDoS attack of about 620 Gbit/s. Then representatives of the French hosting provider OVH reported an attack that reached 1 TB/s.

The attack was carried out through a botnet consisting of more than 152,000 IoT devices, including surveillance cameras and DVRs. This botnet has about 150,000 cameras and is capable of generating attacks of up to 1.5 Tb/s using tcp/ack, tcp/ack+psh and tcp/syn.

On Hackforums, a user with the nickname Anna-senpai posted the source code of the components of the Mirai botnet, which was most likely used in these large-scale attacks.
“When I first go in the DDoS industry, I’ve not been planning on it,” Anna-senpai wrote. “I made my money, I’m looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs were slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”


This software continuously scans the entire IP address range, searching for devices with hard-coded credentials to infect, and so spreads the botnet. After infection, the device sends a message to the command center, which coordinates its actions in DDoS attacks.
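Seen from the defender's side, the scanning described above shows up as one internal device reaching many distinct addresses on telnet in a short time. The sketch below is an added example, not code from the Mirai release or from the original article; the flow-log layout, the sample addresses and the names Flow and TelnetScanners are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Flow is one outbound connection attempt. The "unix-seconds src dst dport"
// line layout is an assumption of this example, not a real tool's format.
type Flow struct{ At int64; Src, Dst string; DPort int }

// Constructed sample: 10.0.0.7 sweeps telnet, 10.0.0.9 makes one connection.
const sample = `1475488800 10.0.0.7 198.51.100.1 23
1475488802 10.0.0.9 203.0.113.5 23
1475488803 10.0.0.7 198.51.100.2 23
1475488804 10.0.0.7 198.51.100.3 23`

// TelnetScanners lists sources that reached minDsts or more distinct
// destinations on TCP/23 within any sliding window of `window` seconds.
func TelnetScanners(log string, window int64, minDsts int) (hits []string) {
	bySrc := map[string][]Flow{}
	for _, line := range strings.Split(log, "\n") {
		var f Flow
		_, err := fmt.Sscan(line, &f.At, &f.Src, &f.Dst, &f.DPort)
		if err == nil && f.DPort == 23 { // skip malformed lines and other ports
			bySrc[f.Src] = append(bySrc[f.Src], f)
		}
	}
	for src, fs := range bySrc {
		sort.Slice(fs, func(i, j int) bool { return fs[i].At < fs[j].At })
		inWin, lo := map[string]int{}, 0 // destination -> flows inside the window
		for _, f := range fs {
			inWin[f.Dst]++
			for ; f.At-fs[lo].At > window; lo++ { // expire flows older than the window
				if inWin[fs[lo].Dst]--; inWin[fs[lo].Dst] == 0 {
					delete(inWin, fs[lo].Dst)
				}
			}
			if len(inWin) >= minDsts {
				hits = append(hits, src)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits
}

func main() { fmt.Println(TelnetScanners(sample, 60, 3)) }
```

The threshold and window are tuning choices for the network being monitored; a camera or DVR has little legitimate reason to open telnet sessions to many unrelated hosts.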

For those who like to look for traces of Russian hackers, there is one: the cnc/admin.go file contains output strings written in Russian (shown here in translation):

cnc/admin.go: this.conn.Write([]byte("\033[34;1muser\033[33;3m: \033[0m"))
cnc/admin.go: this.conn.Write([]byte("\033[34;1mpassword\033[33;3m: \033[0m"))
cnc/admin.go: this.conn.Write(append([]byte("\r\033[37;1mchecking accounts... \033[31m"), spinBuf[i%len(spinBuf)]))

Technical details and description.

Source: https://habr.com/ru/post/311552/

