A report details the incorporation of exploits targeting DrayTek Vigor routers into the Mirai botnet. Previously disclosed vulnerabilities affecting approximately 700,000 devices are being exploited, with attacks focusing on the 'keyPath' and 'cvmcfgupload' parameters. A curious spike in malformed exploit attempts, missing a dash in 'cgi-bin', has been observed. The attacks aim to upload and execute bot variants, primarily Mirai. The latest malformed exploit attempts to download a multi-architecture bash script and the actual bot. String analysis of the bot reveals attempts to exploit other vulnerabilities and likely includes a brute force component.