Jérôme MeyerRE: https://infosec.exchange/@deepfield/116257216814128898
We dug into the binaries from a Xiongmai DVR proxyware campaign that @nicter_jp wrote up. Mirai stripped for parts, PacketSDK with a dead dispatch chain, and a dormant RCE backdoor that's just... waiting.
Our report (which really is a companion piece to NICTER's): https://github.com/deepfield/public-research/blob/main/reports/2026-03-19-xiongmai-packetsdk-ipidea.md