I published the following diary on isc.sans.edu: “Mirai-alike Python Scanner“:
Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials. The script has been uploaded to VT and has a low score of 2/59. Indeed, it does not contain suspicious strings nor API calls. Just a simple but powerful scanner.
Here are the commands injected when a device is found with vulnerable credentials… [Read more]