VERY IMPORTANT

360 Network Security Research Lab recently discovered a new botnet that is scanning the entire Internet on a large scale. Very active, we can now see ~ 50k live scanner IPs daily. Malicious code identified, simple UDP DDoS attacks recorded. Most security vendors fail to identify the malicious code (7/55 on virustotal) This botnet borrows partial code such as port scanning module from the Mirai, but it is completely different from mirai in terms of infect chain, C2 communication protocol, attack module and so on. Although the binary names have mirai mentioned it is probably not wise to treat it just as a mirai variant