Botnet

Gafgyt

First seen: 2014 • Status: active

Currently Active Threat

Gafgyt is an IoT botnet older than Mirai that turns smart devices into attack zombies.

Overview

Gafgyt is a Linux botnet that predates Mirai and targets IoT devices. Its leaked source code has led to numerous variants targeting various architectures.

Also Known As

Bashlite, Lizkebab, Torlus, QBOT

How It Spreads

  • Telnet brute force
  • Default credentials
  • IoT vulnerabilities

What It Does

  • DDoS attacks
  • Botnet operations
  • IoT device compromise
  • Cryptomining

Target Platforms

Linux, IoT

Detection Tips

  • Monitor for Telnet brute force
  • Check for IoT device anomalies
  • Analyze outbound DDoS traffic
  • Review default credential usage

MITRE ATT&CK Techniques

T1110, T1498, T1496, T1071

If You're Infected

  1. Reset IoT device credentials
  2. Update IoT device firmware
  3. Segment IoT networks
  4. Block malicious C2 IPs

Related Malware

Mirai, Xorddos, Tsunami
