EXECUTIVE SUMMARY:
The Gayfemboy botnet began as a basic Mirai variant and illustrates how quickly DDoS capabilities can grow once operators start exploiting critical vulnerabilities. Its early versions relied on simple UPX packing and showed little innovation, but the developers soon adopted more advanced techniques to expand its capabilities. The key vulnerabilities it exploited include CVE-2024-12856, a zero-day flaw in Four-Faith Industrial Routers that allowed remote code execution and let the botnet spread its malware across industrial systems; CVE-2017-17215, which exploited weak input validation in Huawei routers to gain unauthorized access; CVE-2023-26801, which bypassed authentication in router firmware and compromised device functionality; and CVE-2024-8956 and CVE-2024-8957, which targeted smart home devices with weak security controls and allowed unauthorized control of them. Together these exploits let Gayfemboy infect a broad range of devices and grow its network to over 15,000 active nodes.