A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in telemetry for a known vulnerability in Tenda routers. It turns out that it was being pushed out from a new cyber-underground malware domain, known as Cyberium. Cyberium has been anchoring a large amount of Mirai-variant activity, according to AT&T. Researchers tracked down the infrastructure behind the Tenda scans in late March discovering it was using Cyberium to scan for additional bugs.
Source: https://threatpost.com/moobot-tenda-router-bugs/166902/