Directory types:
What type of Directories was this Botnet trying to look into?
GSM Service
GSM stands for Global Systems for Mobile Communications. So GSM is a standard protocol for Mobile communications. On a Mikrotik Router, when using (/dev/ttyGSM* ), it may return the virtual serial ports in use by the RouterOS modem. Users in StackExchange had a discussion about how you can gain direct serial connection to a RB4011 (MikroTik router) using the command 'sudo screen /dev/ttyUSB0 115200 cs8 ixoff' which I implied that using 'ls -la /dev/ttyUSB*' can also be used to identify a live serial connection to an active router.
By SMS, Im talking about literal "SMS," like text messages. SMS means "Short Message Service" and is used by mobile devices and/or internet connected devices. Mikrotik supports SMS messaging via a GSM modem. A few Mikrotik users have reported that they were able to configure their router management through SMS including receiving health alert text messages from the router and/or being able to reset admin and password just through SMS.
SMS Service
QMUX
The /usr/bin/qmuxd is pointed to the daemon. 'qmuxd' is a process used for a linux user to multiplex between programs interfacing with QMI (Qualcomm MSM Interface) and one or more shared-memory based QMUX ports offered by the broadband processor. Another issue cites qmuxd as being the daemon responsible for talking to the modem via shared memory on Android.
Limited information on /etc/config/simman was discovered on common search engines. For instance, DuckDuckGo will only return 2 unique results. The only conclusive results returned with this string were live honeypot dashboards and websites written in Russian.
