{
  "name": "The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU",
  "slug": "the-most-powerful-ever-inside-the-115tbps-scale-mega-botnet-aisuru",
  "description": "The AISURU botnet has emerged as a formidable threat, capable of launching massive DDoS attacks reaching 11.5 Tbps. First disclosed in 2024, it expanded significantly in 2025 by compromising a router firmware update server. The botnet has approximately 300,000 nodes and is operated by a group of three key figures. It propagates by exploiting a range of vulnerabilities, including 0-days, and has targeted multiple industries worldwide; the CVEs associated with this report are listed under related_entities.vulnerabilities. AISURU employs sophisticated anti-analysis techniques, encryption methods, and a custom network protocol. Beyond DDoS attacks, it has expanded into proxy services, indicating a shift towards diversified cybercriminal activity. The botnet's scale and capabilities make it a significant concern for global cybersecurity.",
  "published": "2025-09-25T07:20:44+00:00",
  "created_at": "2025-09-25T07:20:44+00:00",
  "modified_at": "2025-09-25T12:48:34+00:00",
  "created_at_opencti": "2025-09-25T07:20:44+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-09-25",
    "CVE-2013-1599",
    "CVE-2013-3307",
    "CVE-2013-5948",
    "CVE-2017-5259",
    "CVE-2022-35733",
    "CVE-2022-44149",
    "CVE-2023-28771",
    "CVE-2023-50381",
    "CVE-2024-3721",
    "airashi",
    "aisuru",
    "botnet",
    "cybercrime",
    "ddos",
    "encryption",
    "firmware",
    "proxy",
    "router",
    "vulnerabilities"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "151.242.2.25"
      },
      {
        "id": "",
        "name": "151.242.2.22"
      },
      {
        "id": "",
        "name": "185.211.78.117"
      },
      {
        "id": "",
        "name": "ilovegaysex.su"
      },
      {
        "id": "",
        "name": "approach.ilovegaysex.su"
      },
      {
        "id": "",
        "name": "updatetoto.tw"
      },
      {
        "id": "",
        "name": "90e3b997161e33c6485b48182073a864dd3d0775ab96cadbf1b7c9dd4821c6d1"
      },
      {
        "id": "",
        "name": "7a5a5c813d636d96906fb4bf8f76c7f296a467dca756e92450f32dc69d781b71"
      },
      {
        "id": "",
        "name": "08717d85a8a296279c2d2b792a33714d216a9de1950173d603222f78da9b9ca5"
      },
      {
        "id": "",
        "name": "50d3806f47d3f701d5f1f93bf39f827f936e3d1f43fa2cd8408db9655d53fb83"
      },
      {
        "id": "",
        "name": "201d872e05f45062f3b18f1cb2bca7d5fe3811e7e6d4b8616d565a011fba091d"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:b53884e02538be41",
        "name": "AIRASHI",
        "slug": "airashi"
      },
      {
        "id": "legacy:malware:e7c3276aacecf960",
        "name": "AISURU",
        "slug": "aisuru"
      }
    ],
    "intrusion_sets": [
      {
        "id": "255a4d65-88b7-4457-85e6-817a317028b1",
        "name": "AISURU",
        "slug": "aisuru"
      }
    ],
    "attack_patterns": [
      {
        "id": "7e5fbc10-b908-4ce8-8ba8-9fd70790c6ae",
        "name": "T1562.004"
      },
      {
        "id": "2ccc4626-0e86-4148-a5a8-2aa270e22dbd",
        "name": "T1588.001"
      },
      {
        "id": "3e7e47ba-d8ad-4aa8-a4fc-1167cec2e125",
        "name": "T1587.001"
      },
      {
        "id": "beaa4978-0309-438b-a45e-ec566b643811",
        "name": "T1505.003"
      },
      {
        "id": "6a146066-5a78-493c-a26a-133b62c1149e",
        "name": "T1588.002"
      },
      {
        "id": "444de5e0-bd7f-4700-b700-26320057dd80",
        "name": "T1110"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      },
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "e73b317e-ea92-49b4-a45d-051f7279aced",
        "name": "T1213"
      },
      {
        "id": "88fa397b-4cc9-42c0-b52d-4108f9630529",
        "name": "T1095"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "7abb6e8c-d357-49ef-9244-017043055224",
        "name": "T1205"
      },
      {
        "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd",
        "name": "T1498"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2022-35733"
      },
      {
        "id": "",
        "name": "CVE-2013-1599"
      },
      {
        "id": "",
        "name": "CVE-2022-44149"
      },
      {
        "id": "",
        "name": "CVE-2023-50381"
      },
      {
        "id": "",
        "name": "CVE-2013-5948"
      },
      {
        "id": "",
        "name": "CVE-2013-3307"
      },
      {
        "id": "",
        "name": "CVE-2017-5259"
      },
      {
        "id": "",
        "name": "CVE-2023-28771"
      },
      {
        "id": "",
        "name": "CVE-2024-3721"
      }
    ]
  },
  "external_refs": [
    "https://blog.xlab.qianxin.com/super-large-scale-botnet-aisuru-en",
    "https://otx.alienvault.com/pulse/68d5096c02da6fff718c6c50"
  ]
}