Bashlite

Also known as: Gafgyt, gayfgt, lizkebab, qbot, torlus

Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jun 26, 2026

C2 Hosts: 1

Daily C2 host counts for the last 7 days
Date	C2 Hosts
Jun 26, 2026	1

在360Netlab（netlab.360.com），我们持续的通过我们的 BotMon 系统跟踪全球范围内的僵尸网络。特别的，对于DDoS 相关的僵尸网络，我们会进一步跟踪其内部指令，从而得以了解攻击的细节，包括攻击者是谁、受害者是谁、在什么时间、具体使用什么攻击方式。最近俄乌局势紧张，双方的多个政府、军队和金融机构都遭到了DDoS攻击，我们也不断接收到安全社区的询问，咨询对于最近乌克...

blog.netlab.360.com

Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall

Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.

unit42.paloaltonetworks.com

Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments

Aqua Nautilus researchers discovered a new variant of Gafgyt botnet targeting machines with weak SSH passwords.

aquasec.com

Could Threat Actors Be Downgrading Their Malware to Evade Detection?

Threat actors modify their malware to evade detection. This blog analyzes modification techniques used by Gafgyt (aka Qbot) malware.

nozominetworks.com

Discovery of Simps Botnet Leads to Ties to Keksec Group

Uptycs' threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities

uptycs.com

Mirai Code Re-use in Gafgyt

Using threat intelligence systems and an in-house osquery-based sandbox, Uptycs' threat research team recently discovered multiple variants of the Linux-based botnet malware family, Gafgyt.

uptycs.com

Bashlite

C2 Infrastructure

Last 7 days

Further Reading