216.73.217.139

Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI

· Published 16/01/2025 11:06 · Modified 16/01/2025 12:00

Export JSON

Essential information

Published
16/01/2025 11:06
Modified
16/01/2025 12:00
Tags
2025-01-16 CVE-2022-3573 airashi aisuru botnet chacha20 cnpilot ddos encryption hellokitty hmac-sha256 proxy rc4 vulnerability
Related entities
2 vulnerabilities (cve), 9 observables, 1 intrusion sets (apt), 13 techniques (mitre), 3 malware, 6 others

Description

The , an evolved version of , has been observed conducting large-scale attacks and exploiting vulnerabilities in various devices. It utilizes a 0DAY in routers for propagation and employs sophisticated techniques for communication. The demonstrates stable T-level capabilities, with attack capacity ranging from 1-3 Tbps. targets multiple industries globally, with a focus on China, the United States, Poland, and Russia. The 's samples are frequently updated, incorporating features such as services and reverse shell functionality. Its communication protocol includes verification and . The operators mock security researchers through their choice of domain names.

External references