Security Articles

Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI

released on 2025-01-16 @ 11:06:53 AM
The AIRASHI botnet, an evolved version of AISURU, has been observed conducting large-scale DDoS attacks and exploiting vulnerabilities in various devices. It uses a 0-day vulnerability in cnPilot routers for propagation and employs sophisticated encryption techniques for its communication. The botnet demonstrates stable terabit-level (T-level) DDoS capability, with attack capacity ranging from 1-3 Tbps. AIRASHI targets multiple industries globally, with a focus on China, the United States, Poland, and Russia. The botnet's samples are updated frequently and incorporate features such as proxy services and reverse shell functionality. Its communication protocol includes HMAC-SHA256 verification and ChaCha20 encryption. The operators mock security researchers through their choice of domain names.