Inside an IoT Botnet Framework With LLM-Assisted Development
Essential information
- Published
- 15/07/2026 13:58
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- aisuru ddos-for-hire gafgyt iot botnet kaitori keksec ecosystem llm-generated code mhddos telnet brute-force tsunami tuxbot v3
- Related entities
- 25 vulnerabilities (cve), 30 indicators, 10 observables, 21 techniques (mitre), 7 malware
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (25)
- Published
- 20/12/2025
- Modified
- 20/12/2025
- EPSS
- 0.5836 (P99.0%)
- Published
- 15/07/2026
ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented …
- Attack vector
- Network
- Published
- 02/06/2025
- Modified
- 21/12/2025
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 09/04/2026
- Modified
- 15/07/2026
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
- Published
- 03/11/2021
- Modified
- 20/12/2025
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, …
- Published
- 10/05/2022
- Modified
- 20/12/2025
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use …
- Attack vector
- NETWORK
- Published
- 29/01/2021
- Modified
- 15/07/2026
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
- Published
- 04/04/2022
- Modified
- 20/12/2025
A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …
- Published
- 16/05/2022
- Modified
- 20/12/2025
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 …
- Attack vector
- NETWORK
- Published
- 11/06/2019
- Modified
- 21/12/2025
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via …
- Attack vector
- Network
- Published
- 17/01/2023
- Modified
- 15/07/2026
Indicators (30)
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
-
stix 100/100· Valid until 11/07/2027 · Source: AlienVault
Observables (10)
-
cfcybernews.eu -
digikalas.online -
jetross.com -
health.digikalas.online -
api.digikalas.online -
newtuxdev.sevielw.digikalas.online -
185.10.68.127 -
154.6.197.43 -
194.46.59.169 -
37.32.24.195
Techniques (MITRE) (21)
Malware (7)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TuxBot v3 Evolution
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·