New Bigviktor Botnet is Targeting DrayTek Vigor Router

released on 2020-07-13 @ 04:55:26 PM
On June 17, 2020, the 360Netlab Threat Detecting System flagged an interesting ELF sample (dd7c9d99d8f7b9975c29c803abdf1c33). Further analysis shows that it is a DDoS bot that propagates through the CVE-2020-8515 vulnerability, which affects DrayTek Vigor router devices, and that it uses a DGA (domain generation algorithm) to generate its C2 domain names. The program uses "viktor" as its file name (/tmp/viktor) during propagation, and the sample also contains the special string 0xB16B00B5 (big boobs); we combined the two and named it Bigviktor.