Pulse Detail — Threat Intelligence

PULSE NAME

The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU

WHITE AISURU CyberHunter_NL 2025-09-25 Modified: 2025-10-25

IOCs

MEDIUM VOLUME

AISURU is a massive botnet operating behind the scenes and is responsible for a record-breaking 11.5 Tbps DDoS attack, according to XLab, a leading security firm.

ddos en botnet aisuru april aisuru group xlab cyber threat insight analysis system snow forky rapperbot august june flex scale mega airashi fodcha

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1495 T1566 T1219 T1059 T1102 T1090 T1498

MALWARE FAMILIES

Scale Mega AIRASHI Fodcha AISURU

Indicators of Compromise (28)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2013-1599	—	2025-09-25
CVE	CVE-2013-3307	—	2025-09-25
CVE	CVE-2013-5948	—	2025-09-25
CVE	CVE-2017-5259	—	2025-09-25
CVE	CVE-2022-35733	—	2025-09-25
CVE	CVE-2022-44149	—	2025-09-25
CVE	CVE-2023-28771	—	2025-09-25
CVE	CVE-2023-50381	—	2025-09-25
CVE	CVE-2024-3721	—	2025-09-25
FileHash-MD5	1f4eccfecef1ddf7c35d2f55c70550ee	MD5 of 616a3bef8b0be85a3c2bc01bbb5fb4a5f98bf707	2025-09-25
FileHash-MD5	4e8ca1efff2e4b79fb7db95d3971caaa	MD5 of 26e9e38ec51d5a31a892e57908cb9727ab60cf88	2025-09-25
FileHash-MD5	5b1b228bb0d1ebf3ef477141013b7a86	MD5 of 053a0abe0600d16a91b822eb538987bca3f3ab55	2025-09-25
FileHash-MD5	72616e99230dab898ba193741a0b5d35	MD5 of 08e9620a1b36678fe8406d1a231a436a752f5a5e	2025-09-25
FileHash-MD5	bf06011784990b3cca02fe997ff9b33d	MD5 of 09894c3414b42addbf12527b0842ee7011e70cfd	2025-09-25
FileHash-SHA1	053a0abe0600d16a91b822eb538987bca3f3ab55	—	2025-09-25
FileHash-SHA1	08e9620a1b36678fe8406d1a231a436a752f5a5e	—	2025-09-25
FileHash-SHA1	09894c3414b42addbf12527b0842ee7011e70cfd	—	2025-09-25
FileHash-SHA1	26e9e38ec51d5a31a892e57908cb9727ab60cf88	—	2025-09-25
FileHash-SHA1	51d9a914b8d35bb26d37ff406a712f41d2075bc6	—	2025-09-25
FileHash-SHA1	616a3bef8b0be85a3c2bc01bbb5fb4a5f98bf707	—	2025-09-25
FileHash-SHA1	ccf40dfe7ae44d5e6922a22beed710f9a1812725	—	2025-09-25
FileHash-SHA256	08717d85a8a296279c2d2b792a33714d216a9de1950173d603222f78da9b9ca5	SHA256 of 053a0abe0600d16a91b822eb538987bca3f3ab55	2025-09-25
FileHash-SHA256	201d872e05f45062f3b18f1cb2bca7d5fe3811e7e6d4b8616d565a011fba091d	SHA256 of 26e9e38ec51d5a31a892e57908cb9727ab60cf88	2025-09-25
FileHash-SHA256	50d3806f47d3f701d5f1f93bf39f827f936e3d1f43fa2cd8408db9655d53fb83	SHA256 of 616a3bef8b0be85a3c2bc01bbb5fb4a5f98bf707	2025-09-25
FileHash-SHA256	7a5a5c813d636d96906fb4bf8f76c7f296a467dca756e92450f32dc69d781b71	SHA256 of 08e9620a1b36678fe8406d1a231a436a752f5a5e	2025-09-25
FileHash-SHA256	90e3b997161e33c6485b48182073a864dd3d0775ab96cadbf1b7c9dd4821c6d1	SHA256 of 09894c3414b42addbf12527b0842ee7011e70cfd	2025-09-25
domain	updatetoto.tw	—	2025-09-25
hostname	approach.ilovegaysex.su	—	2025-09-25

References (1)

↗ https://blog.xlab.qianxin.com/super-large-scale-botnet-aisuru-en/