MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1d2a92ff0837293bd7e23dfdd917dada573475373746087bffa4faefee210f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 13



SHA256 hash: c1d2a92ff0837293bd7e23dfdd917dada573475373746087bffa4faefee210f9
SHA3-384 hash: aab7d498987f84ee8b135c72085a317f3110afbfe9a0858744f5a7650a55e36e3fb7c605d7ad5c5217b4b878342619cb
SHA1 hash: 90d95ea21f8fb05ffa3d986ae1d595ff22cdec40
MD5 hash: b932e6e927b829060ec384cbe3d0c9b7
humanhash: april-oklahoma-carpet-fruit
File name: miraint.x86
Signature: Mirai
File size: 167'852 bytes
First seen: 2025-12-28 17:52:51 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 3072:iW6EOC9xpj0xEN7qUv76hjEgPkEeWXlQ9abaFGXq/L8iN8UHGND2OafMVI:JOOvjSEN+kmhYgcEeWXET8pafMVI
TLSH: T179F31A85AA43DAF3E84311F121F7AB364A72F83F143BD585E378BDA199416C1910A3BD
telfhash: t1655143f65eb92bed67d5da02d34e6b20ee0ad1773810357d065313d812b7e4261b1c3a
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika: elf
Reporter: abuse_ch
Tags: elf mirai

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 62
Origin country: DE
Vendor Threat Intelligence
Malware configuration found for: Mirai
Details: Mirai (an XOR decryption key and at least a C2 socket address)
Verdict: Malicious
File Type: elf.32.le
First seen: 2025-12-28T14:58:00Z UTC
Last seen: 2025-12-28T18:53:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.b, HEUR:Exploit.Linux.CVE-2018-10561.a, HEUR:Exploit.Linux.CVE-2017-17215.a, HEUR:Exploit.Linux.CVE-2014-8361.a
Status: terminated
Behavior Graph (graph data rendered as a process tree; process names, actions and endpoints as reported by the sandbox):
  pid 3321 /usr/bin/sudo
    execve -> pid 3322 /tmp/sample.bin [net]; connects to 8.8.8.8:53
      clone -> pid 3323 /tmp/sample.bin
        clone -> pid 3324 /tmp/sample.bin [delete-file, write-config, write-file, zombie]
          execve -> pid 3332 /usr/bin/dash -> execve -> pid 3333 /usr/bin/systemctl
          execve -> pid 3468 /usr/bin/dash -> execve -> pid 3470 /usr/bin/systemctl
          execve -> pid 3598 /usr/bin/dash -> execve -> pid 3599 /usr/bin/systemctl
          clone -> pid 3615 /tmp/sample.bin [net]; connects to 8.8.8.8:53 and 86.54.42.154:443
            clone -> pid 3616 /tmp/sample.bin
            clone -> pid 4052 /tmp/sample.bin [net, net-scan, send-data]; connects to 8.8.8.8:53; sends 40 B each to 157.230.0.114:80, 38.253.172.248:80, 201.149.116.194:80, 163.171.115.9:80, 204.204.81.9:80; send-data to 1536 IP addresses in total (review logs to see them all)
            clone -> pid 4182 /tmp/sample.bin [net, net-scan, send-data]; connects to 8.8.8.8:53; sends 900 B each to 44.240.211.100:80, 79.98.43.167:80; send-data to 288 IP addresses in total (review logs to see them all)
            clone -> pid 4386 /tmp/sample.bin [net, net-scan, send-data]; connects to 8.8.8.8:53; send-data to 192 IP addresses (review logs to see them all)
            clone -> pid 4575 /tmp/sample.bin [net, net-scan, send-data]; connects to 8.8.8.8:53; send-data to 96 IP addresses (review logs to see them all)
            clone -> pid 4791 /tmp/sample.bin [net]; connects to 8.8.8.8:53
            clone -> pid 4792 /tmp/sample.bin [net, net-scan, send-data, zombie]; connects to 8.8.8.8:53; send-data to 4097 IP addresses (review logs to see them all)
          clone -> pid 5369 /tmp/sample.bin [net]; connects to 0.0.0.0:48102
  pid 1 /usr/lib/systemd/systemd
    execve -> pid 3605 /usr/bin/.sh [net]; connects to 8.8.8.8:53
      clone -> pid 3609 /usr/bin/.sh
        clone -> pid 3610 /usr/bin/.sh [delete-file, write-config, zombie]
          execve -> pid 3618 /usr/bin/dash -> execve -> pid 3619 /usr/bin/cp
          execve -> pid 3621 /usr/bin/dash -> execve -> pid 3623 /usr/bin/systemctl
          execve -> pid 3764 /usr/bin/dash -> execve -> pid 3765 /usr/bin/systemctl
          execve -> pid 3936 /usr/bin/dash -> execve -> pid 3938 /usr/bin/systemctl
          clone -> pid 3954 /usr/bin/.sh [net]; connects to 0.0.0.0:48102
Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Drops files in suspicious directories
Drops invisible ELF files
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample deletes itself
Suricata IDS alerts for network traffic
Yara detected Mirai
Behaviour
Behavior Graph (graph data rendered as text; Behavior Graph ID: 1840843, Sample: miraint.x86.elf, Startdate: 28/12/2025, Architecture: LINUX, Score: 100):
  Network: 140.189.56.117 (WISCNET1-ASUS, United States); 160.50.233.203 (WISCNET1-ASUS, Germany); 98 other IPs or domains
  Signatures on the graph: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 3 other signatures
  Process tree:
    miraint.x86.elf -> miraint.x86.elf -> miraint.x86.elf
      dropped: /usr/bin/.sh (ELF); Drops invisible ELF files; Drops files in suspicious directories; Sample deletes itself
      -> miraint.x86.elf -> 6 other processes -> miraint.x86.elf (x3), 2 other processes
      -> miraint.x86.elf sh (x3) -> sh systemctl (x3)
    systemd .sh -> .sh -> .sh -> .sh sh (x4) -> sh cp (x1), sh systemctl (x3)
    systemd .sh -> .sh -> .sh -> 4 other processes -> 4 other processes
    8 other processes
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-28 17:53:17 UTC
File Type: ELF32 Little (Exe)
AV detection: 17 of 24 (70.83%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet discovery linux persistence privilege_escalation
Behaviour
Reads runtime system information
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
Modifies systemd
Write file to user bin folder
Deletes itself
Contacts a large (214242) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction: 86.54.42.154
Verdict: Malicious
Tags: Unix.Trojan.Mirai-9835289-0
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202503_elf_Mirai
Author: abuse.ch
Description: Detects Mirai 'TSource' ELF files
Rule name: CVE_2017_17215
Author: NDA0E
Description: Detects exploitation attempt of CVE-2017-17215
Rule name: ELF_IoT_Persistence_Hunt
Author: 4r4
Description: Hunts for ELF files with persistence and download capabilities
Rule name: ELF_Mirai
Author: NDA0E
Description: Detects multiple Mirai variants
Rule name: elf_mirai_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects elf.mirai.
Rule name: ELF_Toriilike_persist
Author: 4r4
Description: Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference: Identified via researched data
Rule name: iot_req_metachar
Rule name: linux_generic_ipv6_catcher
Author: @_lubiedo
Description: ELF samples using IPv6 addresses
Rule name: Linux_Mirai_Generic
Author: albertzsigovits
Description: Generic Approach to Mirai/Gafgyt samples
Rule name: Linux_Trojan_Gafgyt_5bf62ce4
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_389ee3e9
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_5f7b67b8
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_804f8e7c
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_88de437f
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_8aa7b5d3
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_93fc3657
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_99d78950
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_a68e498c
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_ae9d0fa6
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_b14f4c5d
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_cc93863b
Author: Elastic Security
Rule name: Linux_Trojan_Mirai_fa3ad9d0
Author: Elastic Security
Rule name: unixredflags3
Author: Tim Brown @timb_machine
Description: Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, elf c1d2a92ff0837293bd7e23dfdd917dada573475373746087bffa4faefee210f9 (this sample)

Delivery method: Distributed via web download

Comments