Kaiten is a classic IRC-based DDoS bot, also known in some contexts as Tsunami. In the provided content it is referenced as an established botnet malware family and as a competitor process name targeted for termination by other Linux/IoT malware. Specifically, a Bash-based Linux worm targeting Raspberry Pi devices over SSH is described as killing running processes named "kaiten" alongside miners, zmap, and Mirai-related binaries in order to monopolize infected devices. The content also explicitly labels Kaiten as a "Classic IRC bot (Kaiten/Tsunami DDoS tool)." No additional high-confidence details on Kaiten’s own infection vector, infrastructure, or indicators of compromise are provided in the source content.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
6 distinct techniques documented for this family, organized by ATT&CK tactic.
[Command & Control — T1071 / IRC over port 6667] ... UnderNet #biret channel
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Mentioned as competing malware killed by the sample. It is described as a classic IRC-based DDoS bot/tool present in the IoT malware ecosystem.
Kaiten is a DDoS botnet malware family targeting Linux systems, known for its use in large-scale denial-of-service attacks.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.