Starting on April 11th, researchers began seeing notifications that a threat actor had started to publicly exploit this vulnerability. Source In order to determine the appropriate payload for the target system architecture, binary payloads are downloaded and then executed using brute-force methodology. Upon finding the appropriate binary and installing the payload, the host becomes fully infected and establishes a connection with the Mirai C2.
Read full article on Heimdal Security Blog