{"id":"6bf1582107c07a32ac1c0301cc1ca652","title":"Gafgyt — Gafgyt · ddos · ELF","md5":"6bf1582107c07a32ac1c0301cc1ca652","sha256":"4bf982fcbc5f74bb9d72087e0d38ee739bfeeec8a5b0a63c9414c8fc4126208d","family":"Gafgyt","verdict":null,"sample_type":"ddos","lang":"Rust","file_format":"ELF","compiler":"rustc","published_at":"2026-06-02T16:00:00.000Z","summary":"This sample is a Rust-compiled ARMv7l IoT DDoS Botnet agent. It receives attack commands via hardcoded C2 (31.56.209.222:31337), supporting TCP Raw Flood, ICMP Echo Flood, and UDP Plain Flood vectors. Built-in anti-honeypot detection (/proc/*/comm scan) and architecture lock (armv7l) increase analysis difficulty. No persistence mechanism - depends on external dropper. Behavior matches Gafgyt/Bashlite family (8/8 dimensions) but uses Rust compilation, representing IoT botnet migration toward memory-safe languages.","url":"https://zseceye.com/report/6bf1582107c07a32ac1c0301cc1ca652","json_url":"https://zseceye.com/report/6bf1582107c07a32ac1c0301cc1ca652.json","html_url":"https://zseceye.com/report/6bf1582107c07a32ac1c0301cc1ca652","hash_urls":{"md5":"https://zseceye.com/hash/6bf1582107c07a32ac1c0301cc1ca652","sha256":"https://zseceye.com/hash/4bf982fcbc5f74bb9d72087e0d38ee739bfeeec8a5b0a63c9414c8fc4126208d"},"search_urls":{"md5":"https://zseceye.com/?q=6bf1582107c07a32ac1c0301cc1ca652","sha256":"https://zseceye.com/?q=4bf982fcbc5f74bb9d72087e0d38ee739bfeeec8a5b0a63c9414c8fc4126208d"},"sample_download_url":"https://zseceye.com/report/6bf1582107c07a32ac1c0301cc1ca652/sample","sample_filename":"4bf982fcbc5f74bb9d72087e0d38ee739bfeeec8a5b0a63c9414c8fc4126208d.zip","iocs":[],"ips":[]}