Open covertpluto opened 2 hours ago
It seems to be related to the MIRAI botnet and the scripts dropped will download more scripts depending on the target architecture. The ANYRUN analysis is in the PDF but here's the link anyways https://app.any.run/tasks/9988b4e4-86e2-4b84-a491-752a44ecf798
Hi, I got the same kind of request hitting my apache 2 server. I put the file into ANYRUN, hope this is useful to you (different IPs, same story). Malware analysis jaws Malicious activity ANY.RUN - Malware Sandbox Online.pdf