As of now, the attack traffic detected has doubled since 03/31/2020, implying that many Grandstream UCM6200 and Draytek Vigor devices are infected or under active attack. The malware is built on the Gafgyt/Bashlite malware family codebase, which we have dubbed Hoaxcalls, based on the name of the IRC channel used for command and control (C2) communications. It can also propagate by exploiting CVE-2020-5722. Palo Alto Networks customers are protected from such infections, but they are still advised to update patches as soon as possible.”]
Source: https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/