Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
The AIRASHI botnet, an evolved version of AISURU, has been observed conducting large-scale DDoS attacks and exploiting vulnerabilities in various devices. It propagates through a 0-day vulnerability in cnPilot routers and uses sophisticated encryption techniques for its communication. The botnet demonstrates stable terabit-level DDoS capability, with attack capacity ranging from 1-3 Tbps. AIRASHI targets multiple industries globally, with a focus on China, the United States, Poland, and Russia. Its samples are updated frequently and incorporate features such as proxy services and reverse shell functionality. Its communication protocol includes HMAC-SHA256 verification and ChaCha20 encryption. The operators mock security researchers through their choice of domain names.
OPENCTI LABELS:
botnet,vulnerability,ddos,encryption,proxy,rc4,chacha20,aisuru,hellokitty,hmac-sha256,airashi,cve-2022-3573,cnpilot