aisuru (825591d0-dba5-4084-b9f9-3a5bc16604ef)

Aisuru is a Mirai-derivative DDoS botnet active since at least August 2024. The botnet has evolved through two distinct generations — transitioning from DNS A record C2 resolution to a DNS TXT scheme using CAFEBABE XOR-encoded IP addresses, and most recently adopting HMAC-SHA256 authentication with a new 0x1CEB00DA protocol magic.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| aisuru (825591d0-dba5-4084-b9f9-3a5bc16604ef) | Botnet | Mirai (dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5) | Tool | 1 |
| aisuru (825591d0-dba5-4084-b9f9-3a5bc16604ef) | Botnet | Mirai (fcdfd4af-da35-49a8-9610-19be8a487185) | Botnet | 1 |
| Mirai (dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5) | Tool | Owari (f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc) | Botnet | 2 |
| Mirai (dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5) | Tool | Mirai (ELF) (17e12216-a303-4a00-8283-d3fe92d0934c) | Malpedia | 2 |
| Mirai (dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5) | Tool | Mirai (fcdfd4af-da35-49a8-9610-19be8a487185) | Botnet | 2 |
| Mirai (dcbf1aaa-1fdd-4bfc-a35e-145ffdfb5ac5) | Tool | Sora (025ab0ce-bffc-11e8-be19-d70ec22c5d56) | Botnet | 2 |
| Mirai (ELF) (17e12216-a303-4a00-8283-d3fe92d0934c) | Malpedia | Mirai (fcdfd4af-da35-49a8-9610-19be8a487185) | Botnet | 2 |
| Owari (f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc) | Botnet | Mirai (fcdfd4af-da35-49a8-9610-19be8a487185) | Botnet | 2 |
| Mirai (fcdfd4af-da35-49a8-9610-19be8a487185) | Botnet | Sora (025ab0ce-bffc-11e8-be19-d70ec22c5d56) | Botnet | 2 |
| Owari (ec67f206-6464-48cf-a012-3cdfc1278488) | Malpedia | Owari (f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc) | Botnet | 3 |
| Owari (f24ad5ca-04c5-4cd0-bd72-209ebce4fdbc) | Botnet | Sora (025ab0ce-bffc-11e8-be19-d70ec22c5d56) | Botnet | 3 |