Rinfo Performs Scanning and Mining Activities
released on 2021-02-10 @ 04:37:51 PM
The overall structure of the family has not changed: it still consists of scanning and mining modules, and the purpose of the scanning is to form a mining botnet. The new samples are of pretty much the same origin as the old ones, with slightly changed functionality. The new version still relies on ngrok.io to distribute samples and report results. The ports and services that the bot goes after have changed: Apache CouchDB and MODX have been removed, while three new ones, Mongo, Confluence and vBulletin, have been added. As in the old versions, the scanner module is only responsible for detecting open ports and services, with no exploit functions integrated.