[unixfreaxjp]

Linux/Elknot packed/stripped "freeBSD" version is the hot version left of the elknot in market now.
Just aim this assembly process for get into cnc of the ELF malware Linux/Elknot packed/stripped "freeBSD" version.
I even automated it.. lolling the builder :roll:

*) do this well, and you'll see the double cnc extracted - kudos to mockers who laugh

[unixfreaxjp]

Classic elknot :) still around (60.172.246.107:10991)

https://www.virustotal.com/en/file/ce06 ... 442837707/

[unixfreaxjp]

ChinaZ gangs using a shellshock:

A panel:

A CNC:

↑all in US.. using payload of Linux/Elknot (packed/stripped)
Second CNC:

haha ..unusued..

Sample: https://www.virustotal.com/en/file/d95c ... /analysis/
( Who is these "Cornel"?? :lol: get a new name of a "well-known" Elknot?? :roll: )