{
	"id": "24312967-f6db-4c3c-9f37-0d4e4b3079e6",
	"created_at": "2026-04-06T00:08:52.90681Z",
	"updated_at": "2026-04-10T03:20:16.784996Z",
	"deleted_at": null,
	"sha1_hash": "adce17622f249f3bddb82eb3c3c7811b8916bf5b",
	"title": "GitHub - jgamblin/Mirai-Source-Code: Leaked Mirai Source Code for Research/IoC Development Purposes",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 147652,
	"plain_text": "GitHub - jgamblin/Mirai-Source-Code: Leaked Mirai Source Code\r\nfor Research/IoC Development Purposes\r\nBy jgamblin\r\nArchived: 2026-04-05 17:15:13 UTC\r\n🔧 Requirements\r\nBefore building and running this code, ensure you have the following installed on a Linux host:\r\ngcc - GNU Compiler Collection\r\ngolang - Go programming language\r\nelectric-fence - Memory debugging library\r\nmysql-server - MySQL database server\r\nmysql-client - MySQL database client\r\nbuild-essential - Essential build tools\r\ncrossbuild-essential-armel - Cross-compilation tools for ARM\r\nAdditional Resources:\r\nFor detailed setup instructions and background information, refer to the original leak post in\r\nForumPost.txt or view the formatted version at ForumPost.md.\r\n⚠️ CRITICAL DISCLAIMER\r\nThis repository contains the leaked source code of the Mirai botnet, originally created to infect IoT devices and\r\nlaunch large-scale DDoS attacks. This code is provided strictly for cybersecurity research, reverse engineering,\r\nmalware analysis, and detection development purposes only.\r\n⚠️ WARNING: Do not use this code to attack or scan any real devices or networks. Unauthorized use is\r\nillegal and violates GitHub policy.\r\n️ SECURITY NOTICE: The zip file for this repo is being identified by some AV programs as malware. Please\r\ntake caution.\r\n📋 Table of Contents\r\nAbout Mirai\r\nRepository Structure\r\nRequirements\r\nHow to Use (Lab Research Only)\r\nLearning Use Cases\r\nhttps://github.com/jgamblin/Mirai-Source-Code\r\nPage 1 of 4\n\nDo NOT Use For\r\nReferences\r\nCredits\r\nAcknowledgments\r\n📌 About Mirai\r\nMirai is a malware botnet that infects Internet of Things (IoT) devices using default or weak login credentials.\r\nOnce infected, these devices are controlled by a command-and-control (CnC) server and can be used to launch\r\nDDoS attacks.\r\nThis repo is a fork of the original leaked source code and includes components such as:\r\nThe bot (runs on IoT devices)\r\nThe CnC server\r\nThe loader (infects devices)\r\nScanning and deployment scripts\r\n📁 Repository Structure\r\nFolder/File Description\r\nmirai/ Core malware source code (bot + CnC server)\r\nloader/ Infects vulnerable devices using telnet brute-force\r\ndlr/ Possibly supports payload delivery (optional)\r\nscripts/ Scripts for building and managing the malware\r\nForumPost.txt Original forum post by author explaining Mirai\r\nLICENSE.md License as included in original leak (not official)\r\nREADME.md You’re reading it\r\n⚙️ How to Use (FOR LAB RESEARCH ONLY)\r\nYou must use isolated VMs or an offline network. Never run this on a real device or public network.\r\n🔧 1. Prerequisites\r\nInstall on a Linux host:\r\nhttps://github.com/jgamblin/Mirai-Source-Code\r\nPage 2 of 4\n\nsudo apt update\r\nsudo apt install gcc make build-essential git crossbuild-essential-armel -y\r\n🔨 2. Clone the Repository\r\ngit clone https://github.com/jgamblin/Mirai-Source-Code.git\r\ncd Mirai-Source-Code\r\n🔨 3. Build the Bot and CnC\r\nThis will:\r\nCross-compile the bot for different IoT architectures (MIPS, ARM, etc.)\r\nCompile the CnC server for your local machine\r\nYou can customize the build script and source code paths if needed.\r\n🧪 4. Setup a Test Lab (Recommended)\r\nCreate a virtual lab with:\r\n1 Ubuntu VM for CnC and loader\r\n1 or more OpenWRT/Linux VMs simulating IoT devices\r\nUse Host-Only or Internal Networking mode to keep the lab isolated.\r\n🕹 5. Running Components\r\nStart the CnC server (mirai/cnc/cnc)\r\nRun the loader to infect virtual IoT VMs\r\nObserve communication logs, infection, and payload delivery\r\n✅ Learning Use Cases\r\nYou can use this source code to:\r\nUnderstand how botnets spread through weak credentials\r\nReverse engineer malware behavior\r\nWrite intrusion detection rules (YARA, Snort, Suricata)\r\nDevelop antivirus and botnet defenses\r\nhttps://github.com/jgamblin/Mirai-Source-Code\r\nPage 3 of 4\n\nStudy CnC-to-bot protocol and build simulators\r\n❌ Do NOT Use For\r\nScanning or infecting real IoT devices\r\nDDoS attacks\r\nDeploying the bot to the public internet\r\nAny such use is illegal and against GitHub policy.\r\n📚 References\r\nOriginal Leak on Hackforums (2016)\r\nDDoS Analysis of Mirai by MalwareMustDie\r\nUS-CERT Alert TA16-288A\r\n👨‍💻 Credits\r\nOriginal Author: Anna-senpai - Original Mirai botnet source code leak (2016)\r\nNote: The original forum appears to be inactive as of now.\r\n🙏 Acknowledgments\r\nSpecial thanks to Pushpenderrathore for the improved README structure and comprehensive documentation that\r\nmakes this educational resource more accessible for cybersecurity research.\r\nSource: https://github.com/jgamblin/Mirai-Source-Code\r\nhttps://github.com/jgamblin/Mirai-Source-Code\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/jgamblin/Mirai-Source-Code"
	],
	"report_names": [
		"Mirai-Source-Code"
	],
	"threat_actors": [],
	"ts_created_at": 1775434132,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/adce17622f249f3bddb82eb3c3c7811b8916bf5b.pdf",
		"text": "https://archive.orkl.eu/adce17622f249f3bddb82eb3c3c7811b8916bf5b.txt",
		"img": "https://archive.orkl.eu/adce17622f249f3bddb82eb3c3c7811b8916bf5b.jpg"
	}
}