In a blog post, researcher Ruchna Nigam wrote that the new Mirai version was taking aim at the same Struts vulnerability which had been used to breach servers at the credit ratings agency Equifax.
The new Gafgyt version was aimed at a new flaw in unsupported versions of Sonicwall's GMS.
Nigam said that on 7 September, Palo Alto's Unit 42 had found samples of a Mirai variant that had exploits capable of targeting 16 separate flaws. It was the first time Mirai had been known to target Apache Struts.
"During that time this IP was intermittently hosting samples of Gafgyt that incorporated an exploit against CVE-2018-9866, a SonicWall vulnerability affecting older versions of SonicWall Global Management System (GMS). SonicWall has been notified of this development.
"The incorporation of exploits targeting Apache Struts and SonicWall by these IoT/Linux botnets could indicate a larger movement from consumer device targets to enterprise targets."
The Mirai variant could cause problems for those using Linksys E-series devices, Vacron NVR devices, some D-Link devices, CCTVs and DVRs from 70 vendors, EnGenius EnShare IoT Gigabit Cloud Service 1.4.11, AVTECH IP Camera/NVR/DVR devices, Zyxel routers, NetGain Enterprise Manager 7.2.562, NUUO NVRmini 2 3.0.8, Netgear DGN1000 routers, and Dasan GPON routers.
In an unsolicited comment, a SonicWall spokesperson told iTWire: "The vulnerability disclosed in this post is not an announcement of a new vulnerability in SonicWall Global Management System.
"The issue referenced only affects an older version of the GMS software (version 8.1) which was replaced by version 8.2 in December 2016. Customers and partners running GMS version 8.2 and above are protected against this vulnerability.
"Customers still using GMS version 8.1 should apply a hotfix supplied by SonicWall in August 2018 and plan for an immediate upgrade, as GMS 8.1 went out of support in February 2018."
Users of SonicWall Global Management System were urged to upgrade to the latest version.