ELF/Mirai.BL!tr

description-logoAnalysis

ELF/Mirai.BL!tr is classified as a trojan.
A trojan is a type of malware that performs activites without the user’s knowledge. These activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks, and running/terminating processes.
The Fortinet Antivirus Analyst Team is constantly updating our descriptions. Please check the FortiGuard Encyclopedia regularly for updates.

description-logoOutbreak Alert

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contains a command injection vulnerability in the web management interface specifically in the "Country" field. There is no sanitization of this field, so an attacker can exploit it for malicious activities and gain foothold. The vulnerability has been seen to be exploited in the wild to deploy Mirai botnet.

View the full Outbreak Alert Report

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-11-20 91.08976
2023-05-23 91.03531
2022-04-03 90.01052
2022-03-29 90.00925
2022-02-19 89.09765
2022-02-07 89.09420
2022-01-10 89.08587
2019-05-03 68.25000 Sig Added
2019-05-03 68.24700 Sig Updated