Dort

Dort (also abbreviated as “D”) is an alleged cybercriminal operator associated with the Aisuru and Kimwolf botnets. In the referenced reporting, Dort is suggested to be the owner of the resi[.]to Discord server used to market and coordinate residential proxy services benefiting from Aisuru/Kimwolf-infected devices. A source (“Forky,” described as a Brazilian man who acknowledged early involvement in marketing Aisuru) claimed Dort is a resident of Canada and is one of at least two individuals currently controlling the Aisuru/Kimwolf botnet, alongside another alleged botmaster nicknamed “Snow.” Kimwolf is described as a destructive botnet that mass-compromised unofficial Android TV streaming boxes (over two million devices) and forced infected devices to conduct DDoS attacks and relay abusive traffic for residential proxy services. XLab reported “definitive evidence” linking Kimwolf to the earlier Aisuru botnet via shared infrastructure and code evolution, including observation of both strains being distributed from the same IP (93.95.112[.]59). After publication of the initial Kimwolf story, the operators allegedly retaliated by erasing Discord history, doxing a researcher (Benjamin Brundage of Synthient), and launching DDoS attacks against Synthient. The operators also reportedly adopted Ethereum Name Service (ENS) text records as a resilient mechanism for botnet command-and-control discovery and for posting taunting/doxing messages, with XLab documenting mid-December 2025 infrastructure upgrades to use ENS records to publish updated control-server IPs.