Bashlite
Also known as: Gafgyt, gayfgt, lizkebab, qbot, torlus
Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 26, 2026 | 1 |
Further Reading
At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us really see...
在360Netlab(netlab.360.com),我们持续的通过我们的 BotMon 系统跟踪全球范围内的僵尸网络。特别的,对于DDoS 相关的僵尸网络,我们会进一步跟踪其内部指令,从而得以了解攻击的细节,包括攻击者是谁、受害者是谁、在什么时间、具体使用什么攻击方式。 最近俄乌局势紧张,双方的多个政府、军队和金融机构都遭到了DDoS攻击,我们也不断接收到安全社区的询问,咨询对于最近乌克...
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.
Aqua Nautilus researchers discovered a new variant of Gafgyt botnet targeting machines with weak SSH passwords.
Threat actors modify their malware to evade detection. This blog analyzes modification techniques used by Gafgyt (aka Qbot) malware.
Uptycs' threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities
Using threat intelligence systems and an in-house osquery-based sandbox, Uptycs' threat research team recently discovered multiple variants of the Linux-based botnet malware family, Gafgyt.