URLhaus-PL-05714ba2f8092c8acacc59c3c038c4daf1041efa9c443878a5c9013bb4032886
medium
📛 Threat Title
URLhaus payload: Mirai (elf) 05714ba2f8092c8a…
Description
Malware family: Mirai. File type: elf. Size: 202,828 bytes. First seen: 2026-06-18 06:50:20.
Remediations (8)
-
web:davidgodwinpratt.com
Hunt Hypothesis: The hunt hypothesis detects adversaries using malicious URLs associated with the elf malware family to exfiltrate data or establish command and control. SOC teams should proactively hunt for this behavior in Azure Sentinel to identify and mitigate potential data breaches and lateral movement attempts.
-
web:davidgodwinpratt.com
The hypothesis is that the detected URLs are malicious ELF files used by adversaries to deliver payloads or execute code on compromised systems. SOC teams should proactively hunt for these URLs in Azure Sentinel to identify and mitigate potential command and control or data exfiltration activities early.
-
web:github.com
URLhaus is an open platform for sharing malware distribution sites. This repository provides some sample python3 scripts on how to interact with the URLhaus bulk API.
-
web:github.com
🦠 Mirai Botnet - Malware Static Analysis: This repository contains a comprehensive Static Analysis and Reverse Engineering report of the notorious Mirai Malware (ELF 32-bit binary). This project was conducted as part of the Reverse Engineering Midterm Exam at Universitas Amikom Yogyakarta.
-
web:malpedia.caad.fkie.fraunhofer.de
Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices.
-
web:urlhaus.abuse.ch
Here you can propose new malware urls or just browse the URLhaus database. If you are looking for a parsable list of the dataset, you might want to check out the URLhaus API.
-
web:urlhaus.abuse.ch
URLhaus tries to identify the malware associated with the payload served by a certain malware URL. In case URLhaus is able to identify the associated malware family, the payload will be tagged accordingly (field signature). The page below gives you an overview on payloads that URLhaus has identified as Mirai.
-
web:www.ncsc.gov.ie
CSIRT-IE monitors the URLhaus dataset for reports of sites, within its jurisdiction, that are reported to be actively distributing malware. Active Malware Distribution Sites: The URLhaus platform only reports sites (URLs) that are directly being used to distribute malware.
Indicators of Compromise (4)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.
hash_sha256
05714ba2f8092c8acacc59c3c038c4daf1041efa9c443878a5c9013bb4032886
IOC database
- Type
- hash_sha256
- Value
- 05714ba2f8092c8acacc59c3c038c4daf1041efa9c443878a5c9013bb4032886
- First seen
- Last seen
- Attached to this threat
- Appears in
- 2 threats
- Description
- Mirai
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.
hash_md5
b5d3f38d526745db35660a310b18fd3e
IOC database
- Type
- hash_md5
- Value
- b5d3f38d526745db35660a310b18fd3e
- First seen
- Last seen
- Attached to this threat
- Appears in
- 2 threats
- Description
- URLhaus payload hash attributed to Mirai
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.
hash_ssdeep
3072:qlyz3ncbah/f7ma/n0omoo0z3rnqyjngcbx:qlq3cuhd7ht9z3rpjngcb
IOC database
- Type
- hash_ssdeep
- Value
- 3072:qlyz3ncbah/f7ma/n0omoo0z3rnqyjngcbx:qlq3cuhd7ht9z3rpjngcb
- First seen
- Last seen
- Attached to this threat
- Appears in
- 1 threat
- Description
- ssdeep of URLhaus payload 05714ba2f8092c8a…
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.
hash_tlsh
t1af140906af510ffbc86bdd7302ea0a0134ccb81726653b757674d928f64a98b19e3d
IOC database
- Type
- hash_tlsh
- Value
- t1af140906af510ffbc86bdd7302ea0a0134ccb81726653b757674d928f64a98b19e3d
- First seen
- Last seen
- Attached to this threat
- Appears in
- 1 threat
- Description
- TLSH of URLhaus payload 05714ba2f8092c8a…
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Details From VirusTotal
No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.
References (2)
- Download sample (ZIP, password: infected) URLhaus
- URLhaus payload page URLhaus