Since the Log4J vulnerability was discovered, other malware has shown up to exploit it. B1txor20 seems to have taken its place among the participants in this malware cluster.
Discovered by Netlab, B1txor20 is thought to belong to a new botnet family. It was found after a DNS Tunnel warning was triggered in the system: the malware opens a Linux backdoor to create C2 communication channels. It also has functions such as turning on a Socket3 proxy and downloading and installing a Rootkit remotely.
Netlab’s article draws attention to the detail that four different B1txor20 samples were detected. They all have more or less the same functions and work the same way. The malware establishes the C2 channel using a DNS Tunnel, supports both direct connection and relaying, and uses ZLIB compression, RC4 encryption, and BASE64 encoding to protect the traffic of the backdoor Trojan.
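As an added example (not code from the Netlab or SOCRadar write-ups), the following Python heuristic takes the defender's view of the channel described above: it flags DNS query names whose data labels are long, high-entropy and dense in the digits and capitals typical of BASE64 output, the shape a DNS-tunnel C2 carrier tends to have. The sample query log is constructed, and the thresholds and the two-label registrable zone are assumptions to tune against a local baseline.

```python
import math
from collections import Counter

# Constructed sample of DNS query names (not real B1txor20 traffic), as a
# resolver log might record them: three ordinary lookups, one long but
# human-readable hostname, and two tunnel-style carriers with encoded payload.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "cdn.static.example.com",
    "very-long-but-normal-hostname-01.example.com",
    "aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.c2.tunnel-example.test",
    "9f3kZ1xQ8vR2mN7pL0bT4wY6sD3hJ5gK.e2e1.tunnel-example.test",
]

def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def payload_part(qname: str, zone_labels: int = 2) -> str:
    """Concatenate the labels left of the registrable zone (assumed here to be
    the last `zone_labels` labels), since a tunnel carries its data there."""
    labels = qname.rstrip(".").split(".")
    return "".join(labels[:-zone_labels])

def looks_like_tunnel(qname: str, min_len: int = 30,
                      min_entropy: float = 3.5, min_dense: float = 0.2) -> bool:
    """Heuristic for tunnel carriers: long, high-entropy label data in which
    digits and capitals (typical of BASE64 output) make up a sizeable share.
    Entropy alone would also trip on long hyphenated hostnames, hence the
    character-class check. All thresholds are assumptions."""
    data = payload_part(qname)
    if len(data) < min_len or shannon_entropy(data) < min_entropy:
        return False
    dense = sum(ch.isdigit() or ch.isupper() for ch in data) / len(data)
    return dense >= min_dense

def flag_tunnel_queries(queries):
    """Return the query names that trip the heuristic, preserving order."""
    return [q for q in queries if looks_like_tunnel(q)]

if __name__ == "__main__":
    for q in flag_tunnel_queries(SAMPLE_QUERIES):
        print("suspect DNS tunnel carrier:", q)
```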
SOCRadar’s holistic understanding of threat intelligence offers many modules to protect you from malware. With SOCRadar’s Threat Intelligence Feed, you can monitor IoCs, and with Malware Analysis, you can perform automatic or manual file analysis.