The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU
Essential information
- Published
- 25/09/2025 09:20
- Modified
- 25/09/2025 14:48
- Tags
- 2025-09-25 CVE-2013-1599 CVE-2013-3307 CVE-2013-5948 CVE-2017-5259 CVE-2022-35733 CVE-2022-44149 CVE-2023-28771 CVE-2023-50381 CVE-2024-3721 airashi aisuru botnet cybercrime ddos encryption firmware proxy router vulnerabilities
- Related entities
- 9 vulnerabilities (cve), 11 observables, 1 intrusion sets (apt), 18 techniques (mitre), 2 malware
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (9)
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions …
- Attack vector
- NETWORK
- Published
- 23/08/2022
- Modified
- 21/12/2025
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, …
- Attack vector
- NETWORK
- Published
- 28/01/2020
- Modified
- 21/12/2025
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON …
- Attack vector
- NETWORK
- Published
- 06/01/2023
- Modified
- 21/12/2025
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of …
- Attack vector
- NETWORK
- Published
- 08/07/2024
- Modified
- 21/12/2025
- Published
- 20/12/2025
- Modified
- 21/12/2025
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in …
- Attack vector
- NETWORK
- Published
- 11/07/2025
- Modified
- 21/12/2025
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path …
- Published
- 20/12/2017
- Modified
- 13/05/2026
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute …
- Attack vector
- NETWORK
- Published
- 31/05/2023
- Modified
- 21/12/2025
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing …
- Attack vector
- NETWORK
- Published
- 13/04/2024
- Modified
- 21/12/2025
Observables (11)
Intrusion sets (APT) (1)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 17:49 · Modified 21/12/2025 17:49
Techniques (MITRE) (18)
- Disable or Modify System Firewall
- Malware
- Malware
- Web Shell
- Tool
- Brute Force
- Software Packing
- Non-Standard Port
- Data from Information Repositories
- Non-Application Layer Protocol
- File Deletion
- System Information Discovery
- Traffic Signaling
- Network Denial of Service
- Deobfuscate/Decode Files or Information
- Obfuscated Files or Information
- Modify Registry
- Exploit Public-Facing Application