Ghost in Action: The Specter Botnet
released on 2020-09-25 @ 05:21:54 PM
On August 20, 2020, the 360Netlab Threat Detect System captured a suspicious ELF file (22523419f0404d628d02876e69458fbe.css) with zero detections on VirusTotal (VT).
When we took a closer look, we discovered a new botnet that targets AVTECH IP camera, NVR and DVR devices. It has a flexible configuration and a highly modular plugin system, and it uses TLS, ChaCha20 and LZ4 to encrypt and compress its network traffic.