The Mirai botnet is active for years. It was the first botnet targeting devices running Linux like camera recorders. Our first diary about it was in 2016!. Still today, my honeypot is hit by hundreds of Mirai requests every day! I found a Python script that generates a Mirai payload (SHA256:f56391e9645df1058847e28af6918c64ddc344d9f328b3dde9015213d5efdc7e) and deploys networking services to serve it via FTP, HTTP, and TFTP. Nothing very fancy but it will give you a good idea about how Linux hosts are abused to deliver malicious payloads.
Overview of a Mirai Payload Generator, (Sat, Mar 11th)
This post was originally published on this site