A security researcher reportedly discovered a new variant of Mirai (identified by Trend Micro as ELF_MIRAI family) that is quickly spreading. A notable increase in traffic on port 2323 and 23 was observed over the weekend, with around 100 thousand unique scanner IPs coming from Argentina.
The release of the Proof-of-Concept (PoC) exploit code in a public vulnerabilities database was believed to have triggered the increase of activity associated with the Mirai botnet. Scans used the PoC on November 22 after the publication of the exploit code on October 31. The PoC triggers CVE-2016-10401 in old ZyXEL PK5001Z routers, which was made public early this year.
Source: Trend Micro