
Mirai

Mirai is a botnet malware family, a piece of DDoS attack infrastructure rather than a vector itself, and the fleets it builds are exactly what a DDoS test is meant to stand in for. First seen in 2016, Mirai scans the internet for IoT devices (cameras, DVRs, routers) still running default or weak credentials, logs in over Telnet or SSH, and enrolls them into a remotely commanded fleet. Its public source release spawned countless variants.

Why it matters in DDoS testing

Mirai set the template for the modern volumetric threat: hundreds of thousands of always-on, geographically scattered devices producing L4 and L7 floods on command. It drove some of the largest attacks on record, including the 2016 Dyn DNS outage. A test that models a Mirai-class source set assumes wide IP dispersion and sustained throughput, not a brief burst from a handful of hosts, because that is the traffic shape real defenses have to survive.
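The difference between a Mirai-class source set and a brief burst from a handful of hosts can be measured from flow records. The sketch below is an added example, not code from the original page: it profiles source dispersion and duration for one target so a defender can check that observed or test traffic has the shape described above. The record format (epoch second, IPv4 source, packet count), the function names and the thresholds are all assumptions.

```python
import ipaddress
import math
from collections import Counter

# Assumed thresholds for illustration; tune them to your own baseline.
MIN_PREFIXES = 50         # distinct /24s needed to call the set "widely dispersed"
MAX_TOP_SHARE = 0.10      # largest share of packets any single source may carry
MIN_ACTIVE_SECONDS = 60   # seconds with traffic needed to call it "sustained"

def profile(flows):
    """Summarise (epoch_second, src_ipv4, packets) records for one target."""
    per_src, seconds = Counter(), set()
    for ts, src, pkts in flows:
        per_src[src] += pkts
        seconds.add(ts)
    total = sum(per_src.values())
    if total == 0:
        raise ValueError("no packets in window")
    prefixes = {ipaddress.ip_network(f"{s}/24", strict=False) for s in per_src}
    # Normalised Shannon entropy of per-source packet share (1.0 = perfectly even).
    h = -sum(c / total * math.log2(c / total) for c in per_src.values() if c)
    return {
        "sources": len(per_src),
        "prefixes": len(prefixes),
        "top_share": max(per_src.values()) / total,
        "entropy": h / math.log2(len(per_src)) if len(per_src) > 1 else 0.0,
        "active_seconds": len(seconds),
    }

def is_dispersed_and_sustained(p):
    """True when the window matches the wide-dispersion, sustained shape."""
    return (p["prefixes"] >= MIN_PREFIXES
            and p["top_share"] <= MAX_TOP_SHARE
            and p["active_seconds"] >= MIN_ACTIVE_SECONDS)

# Constructed sample data (benchmarking and documentation address ranges).
# 200 sources in 200 different /24s, 10 packets each, every second for 2 minutes.
DISPERSED = [(t, f"198.18.{i}.10", 10) for t in range(120) for i in range(200)]
# 3 sources in one /24, 5000 packets each, for 5 seconds.
BURST = [(t, f"203.0.113.{h}", 5000) for t in range(5) for h in (1, 2, 3)]

if __name__ == "__main__":
    for name, flows in (("dispersed", DISPERSED), ("burst", BURST)):
        p = profile(flows)
        print(name, p, is_dispersed_and_sustained(p))
```

Entropy alone does not separate the two cases (three equal senders also score 1.0), which is why the check combines prefix count, top-talker share and active duration.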

For how those floods break down by layer, see Understanding DDoS Attack Vectors.