
Breaking Down Mirai: An IoT DDoS Botnet Analysis - xorbox
https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html
======
xorbox
Mirai avoids some interesting IP ranges:

"One of the most interesting things revealed by the code was a hardcoded list
of IPs Mirai bots are programmed to avoid when performing their IP scans.

This list, which you can find below, includes the US Postal Service, the
Department of Defense, the Internet Assigned Numbers Authority (IANA) and IP
ranges belonging to Hewlett-Packard and General Electric.

This list is interesting, as it offers a glimpse into the psyche of the code’s
authors. On the one hand, it exposes concerns of drawing attention to their
activities. A concern we find ironic, considering that this malware was
eventually used in one of the most high-profile attacks to date.

On the other hand, the content list is fairly naïve—the sort of thing you
would expect from someone who learned about cyber security from the popular
media (or maybe from this Wiki page), not a professional cyber criminal."

