Background
Since the Log4J vulnerability was exposed, more and more malware has jumped
on the bandwagon; Elknot, Gafgyt and Mirai are all too familiar. On February 9, 2022,
360Netlab's honeypot system captured an unknown ELF file propagating through the
Log4J vulnerability. What stands out is that the network traffic generated by
this sample triggered a DNS Tunnel alert in our system. We decided to take a
closer look, and indeed, it is a new botnet family, which we named B1txor20
based on its prop