Since then, many variants of Mirai have been observed as attackers take the original code base and add new exploits and features to it.
The first variant of the Wazuh vulnerability downloaded a malicious shell script that can download Mirai payloads for various CPU architectures. The Mirai variant contains the name “Morte” and uses the command and control (C2) domains previously associated with Windows-based rats and several other Mirai variants.
The Morte botnet also contains exploits of known vulnerabilities in Hadoop Yarn, TP-Link Archer AX21 and ZTE ZXV10 H108L routers. For Mirai, it is common to merge multiple vulnerabilities from multiple IoT devices, but attackers can customize them.
