At first, it is worth noting that not all Mirai modifications end up with a publicly known unique name; often, many of them fall under the same generic Mirai category. An example can be a Mirai variant that, in November 2016, propagated using the RCE attack against DSL modems via TCP port 7547 (TR-069/CWMP).
Here are some other examples of the known botnets that borrowed parts of the Mirai source code:
- Satori (Japanese for comprehension, understanding): This exploits vulnerabilities for propagation, for example, CVE-2018-10562 to target GPON routers or CVE-2018-10088 to target XiongMai software.
- Masuta/PureMasuta (Japanese for master): This exploits a bug in the D-Link HNAP protocol, apparently linked to the Satori creator(s).
- Okiru (Japanese for to get up): This uses its own configurations and exploits for propagation (CVE-2014-8361 targeting Realtek SDK and CVE-2017-17215 targeting Huawei routers). It has added support for ARC processors.
- Owari and Sora (Japanese...
