Finding Mirai

Here is a list of tips for identifying Mirai in your network:

  • Actively scans ports 23 and 2323 for vulnerable devices. Expect a lot of SYN traffic in your network.
  • Outbound connections to 65.222.202.53 port 80. System administrators can identify vulnerable devices by looking at flow data towards address 65.222.202.53, TCP 80.
  • Devices open TCP port 48101.
  • Devices make DNS lookups using 8.8.8.8.
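
The four indicators above can be checked together against exported flow records. The following Python code is an added example, not part of the original page; the CSV layout, the sample flows, the scan threshold and the rule of requiring at least two indicators per host are assumptions.

```python
import csv
import io
from collections import defaultdict

WATCH_ADDR = "65.222.202.53"  # address given in the list above
SCAN_PORTS = {23, 2323}       # telnet ports given in the list above
SCAN_MIN_TARGETS = 3          # assumed threshold: distinct hosts sent bare SYNs

# Constructed sample flow export (not real traffic): src,dst,proto,dport,tcp_flags
SAMPLE_FLOWS = """\
10.0.0.21,198.51.100.1,tcp,23,S
10.0.0.21,198.51.100.2,tcp,2323,S
10.0.0.21,198.51.100.3,tcp,23,S
10.0.0.21,198.51.100.4,tcp,23,S
10.0.0.21,65.222.202.53,tcp,80,SA
10.0.0.21,8.8.8.8,udp,53,
10.0.0.5,10.0.0.21,tcp,48101,SA
10.0.0.30,8.8.8.8,udp,53,
10.0.0.30,203.0.113.9,tcp,23,S
"""

def mirai_indicators(flow_csv):
    """Map each host to the set of listed indicators it matches."""
    hits = defaultdict(set)
    scan_targets = defaultdict(set)
    for src, dst, proto, dport, flags in csv.reader(io.StringIO(flow_csv)):
        dport = int(dport)
        if proto == "tcp" and dport in SCAN_PORTS and flags == "S":
            scan_targets[src].add(dst)       # SYN seen, no reply in the flow
        if proto == "tcp" and dst == WATCH_ADDR and dport == 80:
            hits[src].add("outbound-65.222.202.53:80")
        if proto == "tcp" and dport == 48101 and "A" in flags:
            hits[dst].add("tcp-48101-open")  # answered, so dst has the port open
        if proto == "udp" and dst == "8.8.8.8" and dport == 53:
            hits[src].add("dns-8.8.8.8")
    for src, targets in scan_targets.items():
        if len(targets) >= SCAN_MIN_TARGETS:
            hits[src].add("telnet-syn-scan")
    return dict(hits)

def suspects(flow_csv, min_indicators=2):
    """Hosts matching several indicators; DNS to 8.8.8.8 alone is common."""
    return sorted(h for h, found in mirai_indicators(flow_csv).items()
                  if len(found) >= min_indicators)

if __name__ == "__main__":
    for host, found in sorted(mirai_indicators(SAMPLE_FLOWS).items()):
        print(host, sorted(found))
    print("suspects:", suspects(SAMPLE_FLOWS))
```

Requiring more than one indicator keeps hosts that only use 8.8.8.8 as a resolver, or that made a single telnet connection attempt, out of the suspect list.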