From bankinfosecurity.com
Two years after Mirai botnets first appeared, new generations of botnets are continuing to probe for internet-connected devices that they can easily compromise, often via a vastly expanded list of default usernames and passwords.
Mirai targeted 64 default or hardcoded credentials built into internet of things devices (see: Mirai Malware Hacker Pleads Guilty in German Court).
Using a telnet honeypot designed to study how botnets are attempting to compromise IoT devices, Arbor Networks in September found that botnets are continuing to target the 64 username and password combinations seen in the Mirai source code, as well as at least 1,005 new ones.