← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - The Strongest Ever? Unveiling the Inside Story of the 11.5T Ultra-Large Botnet AISURU (pulse by celestre)
WHITE Q.Vashti 2025-09-18 Modified: 2025-10-18
22
IOCs
MEDIUM VOLUME
Since 2025, global DDoS attack bandwidth peaks have continuously broken historical records, soaring from 3.12 Tbps at the beginning of the year to a staggering 11.5 Tbps recently. A botnet called AISURU has been observed operating behind numerous high-impact or record-breaking attacks. The AISURU botnet was first disclosed by XLab in August 2024 and was involved in DDoS attacks targeting the distribution platform of "Black Myth: Wukong." Since March of this year, XLab's large-scale threat monitoring platform has continuously captured new samples of this botnet. Multiple sources indicate that the group behind it allegedly compromised a router firmware upgrade server in April and expanded the botnet by distributing malicious scripts. The current number of nodes is reportedly 300,000. (by celestre)
communicationsproxy relaylimitedltd samplehlavnifrombase64azaz09standardtohexchangeipformatas206509|kcomrelayrelay c2
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
AS206509|KCOM
Indicators of Compromise (22)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 1f4eccfecef1ddf7c35d2f55c70550ee MD5 of 616a3bef8b0be85a3c2bc01bbb5fb4a5f98bf707 2025-09-18
FileHash-MD5 4e8ca1efff2e4b79fb7db95d3971caaa MD5 of 26e9e38ec51d5a31a892e57908cb9727ab60cf88 2025-09-18
FileHash-MD5 5b1b228bb0d1ebf3ef477141013b7a86 MD5 of 053a0abe0600d16a91b822eb538987bca3f3ab55 2025-09-18
FileHash-MD5 72616e99230dab898ba193741a0b5d35 MD5 of 08e9620a1b36678fe8406d1a231a436a752f5a5e 2025-09-18
FileHash-SHA1 053a0abe0600d16a91b822eb538987bca3f3ab55 2025-09-18
FileHash-SHA1 08e9620a1b36678fe8406d1a231a436a752f5a5e 2025-09-18
FileHash-SHA1 09894c3414b42addbf12527b0842ee7011e70cfd 2025-09-18
FileHash-SHA1 26e9e38ec51d5a31a892e57908cb9727ab60cf88 2025-09-18
FileHash-SHA1 51d9a914b8d35bb26d37ff406a712f41d2075bc6 2025-09-18
FileHash-SHA1 616a3bef8b0be85a3c2bc01bbb5fb4a5f98bf707 2025-09-18
FileHash-SHA1 ccf40dfe7ae44d5e6922a22beed710f9a1812725 2025-09-18
FileHash-SHA256 08717d85a8a296279c2d2b792a33714d216a9de1950173d603222f78da9b9ca5 SHA256 of 053a0abe0600d16a91b822eb538987bca3f3ab55 2025-09-18
FileHash-SHA256 201d872e05f45062f3b18f1cb2bca7d5fe3811e7e6d4b8616d565a011fba091d SHA256 of 26e9e38ec51d5a31a892e57908cb9727ab60cf88 2025-09-18
FileHash-SHA256 50d3806f47d3f701d5f1f93bf39f827f936e3d1f43fa2cd8408db9655d53fb83 SHA256 of 616a3bef8b0be85a3c2bc01bbb5fb4a5f98bf707 2025-09-18
FileHash-SHA256 7a5a5c813d636d96906fb4bf8f76c7f296a467dca756e92450f32dc69d781b71 SHA256 of 08e9620a1b36678fe8406d1a231a436a752f5a5e 2025-09-18
domain updatetoto.tw 2025-09-18
hostname a.6mv1eyr328y6due83u3js6whtzuxfyhw.ru 2025-09-18
hostname approach.ilovegaysex.su 2025-09-18
hostname coerece.ilovegaysex.su 2025-09-18
hostname lane.ilovegaysex.su 2025-09-18
hostname ministry.ilovegaysex.su 2025-09-18
hostname u.ilovegaysex.su 2025-09-18
References (1)
↗ https://blog.xlab.qianxin.com/super-large-scale-botnet-aisuru/