Security Scorecard

A Detailed Analysis of the Gafgyt Malware Targeting IoT Devices

Gafgyt malware, also known as Bashlite, and Mirai have targeted millions of vulnerable IoT devices in the last few years. The recently compiled sample we’ve analyzed borrows some code leaked online from the Mirai botnet. It implements the following commands: ALPHA, GAME, GRE, ICMP, JAIL, KICK, MIX, PLAIN, QUERY, SPEC, and STOP. These commands are used to perform multiple types of TCP and UDP DoS attacks, to target game servers running Valve’s Source Engine with DoS attacks, to perform “GREflood” and “ICMPflood” attacks, and to perform HTTP DoS attacks on OVH servers. The last command, STOP, is used to stop the malicious activity.
