I recently digged into some malware analysis and started with something that seems to be simpe to catch and analyse.
This is part 1 of the analysis of a Mirai variant:
Analysis of the network protocol used by a Mirai variant – Part 1 – Credential List
Please leave critics 🙂