Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
Jan. 16, 2025, noon
Description
The AIRASHI botnet, an evolved version of AISURU, has been observed conducting large-scale DDoS attacks and exploiting vulnerabilities in various devices. It uses a 0-day vulnerability in cnPilot routers for propagation and employs sophisticated encryption for its communications. The botnet demonstrates stable terabit-level DDoS capability, with attack capacity ranging from 1-3 Tbps. AIRASHI targets multiple industries globally, with a focus on China, the United States, Poland, and Russia. Its samples are frequently updated, incorporating features such as proxy services and reverse shell functionality. Its communication protocol includes HMAC-SHA256 verification and ChaCha20 encryption. The operators mock security researchers through their choice of domain names.
Date
- Created: Jan. 16, 2025, 11:06 a.m.
- Published: Jan. 16, 2025, 11:06 a.m.
- Modified: Jan. 16, 2025, noon
Indicators
- honeybooterz.cve-2021-36260.ru
- foxthreatnointel.africa
Attack Patterns
- AIRASHI
- AISURU
- HELLOKITTY - S0617
- T1505.003
- T1571
- T1213
- T1095
- T1573
- T1016
- T1082
- T1496
- T1071
- T1498
- T1190
- T1133
- T1059
Additional Information
- Gaming
- Technology
- China
- Poland
- United States of America
- Russian Federation