The Operations of the Swarm: Inside the Complex World of Mirai-Based Botnets

### Executive Summary The report provides a technical primer on modern botnets, profiling Mirai and its many variants and focusing on large-scale IoT botnets Aisuru-Kimwolf and Kimwolf (affecting millions of devices and responsible for record-setting DDoS attacks). It documents observed TTPs (vulnerability/exposed-default-credential exploitation, use of residential proxies and I2P for C2), recent DOJ disruption actions against C2 infrastructure, and supplies example IOCs and defensive recommendations for DDoS protection, DNS filtering, patching, and credential hygiene.