[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYswpWev4m9bCYloIZ6A2KQDt9kX_jr6kvwvgyu4DQL8":3},{"article":4,"iocs":51},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":31,"category":32,"article_tags":35},"0e68a196-4db5-4341-b31c-3c430051ff18","#TuxBot v3 Evolution: IoT malware\u002FC2 framework tied to AISURU\u002FKeksec. Self-ID \"Akiru.\" 30-plus ex...","tuxbot-v3-evolution-iot-malware-c2-framework-tied-to-aisuru-keksec-self-id-akiru-b77f81","#TuxBot v3 Evolution: IoT malware\u002FC2 framework tied to AISURU\u002FKeksec. Self-ID \"Akiru.\" 30-plus exploit targets, 1,496 credential pairs, encrypted C2, and DGA. Developers used an LLM to port exploits and write code, leaving traces in some files. Details at https:\u002F\u002Ft.co\u002F7mIjUcEG3y https:\u002F\u002Ft.co\u002FvOXDFloLTk","TuxBot v3, an evolved IoT malware and command-and-control framework tied to threat groups AISURU and Keksec, has been discovered and self-identifies as \"Akiru.\" The malware includes exploits for more than 30 targets, incorporates 1,496 credential pairs, uses encrypted C2 communications, and employs domain generation algorithms (DGA) for resilience. 
Analysis reveals developers used an LLM to port exploits and generate code, leaving traces in some files.","TuxBot v3 IoT malware framework linked to AISURU\u002FKeksec carries exploits for 30+ targets and uses encrypted C2",null,"https:\u002F\u002Fx.com\u002FUnit42_Intel\u002Fstatus\u002F2060050015553274345","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJbEiTaXQAA-lvv.jpg","2026-05-28T17:26:12+00:00","2026-05-28T18:00:13.962218+00:00",9,[18,21,23,26,29],{"name":19,"type":20},"AISURU","threat_actor",{"name":22,"type":20},"Keksec",{"name":24,"type":25},"TuxBot v3","campaign",{"name":27,"type":28},"Domain Generation Algorithm (DGA)","technology",{"name":30,"type":28},"LLM (Large Language Model)","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":31,"icon":11,"name":33,"slug":34},"Malware","malware",[36,41,46],{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":42},{"id":43,"icon":11,"name":44,"slug":45},"d6f63bb8-0801-486a-be7f-171400700454","IoT\u002FOT","iot-ot",{"category":47},{"id":48,"icon":11,"name":49,"slug":50},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[52,54],{"type":34,"value":24,"context":53},"IoT malware and C2 framework with encrypted communications and DGA",{"type":34,"value":55,"context":56},"Akiru","Self-identification name used by TuxBot v3 developers"]