Mirai utilizza una struttura di comando e controllo abbastanza standard - l'unica vera differenza è che il codice per il C & C è stato reso pubblico nelle prime fasi, quindi può essere facilmente aggiornato e riutilizzato.
Questo articolo di ars technica su Mirai delinea uno dei punti di forza del C & C di Mirai:
The simplicity of Mirai's C&C structure makes scaling it up relatively simple. "One of the things we noticed during the Dyn attack was that the C&C domain would change its address," Nixon explained. "That way, the C&C network could segment its botnet." By simply changing a DNS entry, the attacker could use the same domain to create and operate multiple separate botnets simultaneously.
When a Mirai bot is created, it sends a request to the Domain Name Service for the "A" address of a domain configured by its creator. Once it has the Internet address associated with that "A" address, it locks onto that IP address. "When one C&C server fills up, [the botnet operator] can just change the IP address associated with that 'A' name," Nixon explained. New bots will connect to the new address while older bots continue to communicate with the previously labeled server.
While this scheme can cause problems with resiliency of the botnet—if a C&C server gets identified and its traffic is shut down, the bots fail—it's not a big problem for the botnet long-term. The botnet can easily be re-established from another server by simply re-discovering vulnerable devices.