VulnCheck wrote about 7777-Botnet with the following information:
7777-Botnet remains active, and VulnCheck used co-located services to theorize the botnet is infecting TP-Link, Xiongmai, and Hikvision devices using CVE-2017-7577, CVE-2018-10088, CVE-2022-45460, CVE-2021-36260, and/or CVE-2022-24355.
The botnet also appears to infect other systems like MVPower, Zyxel NAS, and GitLab, although at a very low volume.
The botnet doesn’t just start a service on port 7777. It also spins up a SOCKS5 server on port 11228.