Botmasters have taken the lessons from developing Internet of Things (IoT) malware and shifted their focus to targeting commodity Linux servers. Like many IoT devices, unpatched Linux servers linger on the network, and are being abused at scale by attackers sending exploits to every vulnerable server they can find. ASERT has been monitoring exploit attempts for the Hadoop YARN vulnerability in our honeypot network and found a familiar, but surprising payload – Mirai.