Exploring the Gorillas in the Malware Jungle

Investigating the communication and attack characteristics of the Gorilla botnet

Master Thesis (2025)
Author(s)

Maarten Weyns (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

G. Smaragdakis – Graduation committee member (TU Delft - Cyber Security)

Harm Griffioen – Graduation committee member (TU Delft - Cyber Security)

D. Ferrero – Graduation committee member (TU Delft - Cyber Security)

S. Op de Beek – Mentor (TU Delft - Cyber Security)

Gosia Migut – Graduation committee member (TU Delft - Web Information Systems)

Faculty
Electrical Engineering, Mathematics and Computer Science
Publication Year
2025
Language
English
Graduation Date
17-01-2025
Awarding Institution
Delft University of Technology
Programme
Computer Science | Cyber Security
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

The rise of the Internet of Things (IoT) has introduced levels of convenience never seen before, but it also presents a significant cybersecurity challenge. In particular, the insecure nature of many IoT devices fuels the emergence of advanced IoT botnets. The Gorilla botnet is a potent example of such an IoT botnet and took the internet by surprise in September 2024. In that month alone, Gorilla was responsible for over 300,000 Distributed Denial-of-Service (DDoS) attacks across 100 countries. Although inspired by earlier botnets such as Mirai and Gafgyt, Gorilla exhibits unique characteristics and attack strategies that remain largely unexplored.

This thesis conducts a detailed analysis of the Gorilla botnet, focusing on its communication patterns, infection strategies, and attack behaviors. By executing Gorilla's malware samples in a controlled environment, the study captures its command-and-control (C2) communication and attack strategies. Key findings include the identification of a flaw in Gorilla's implementation, which could aid future detection efforts, and the discovery of its preference for UDP-based attacks targeting gaming-related services.

Through this work, we contribute a dataset and an analysis framework that shed light on Gorilla's operations, highlighting its similarities to and deviations from the original Mirai botnet. These findings can inform improvements in defenses against IoT botnet threats.

Files

License info not available