Overview On March 25, 2021, 360 NETLAB's BotMon system flagged a suspiciousELF file (MD5=64f6cfe44ba08b0babdd3904233c4857) with 0 VT detection, the sample communicates with 4 domains on TCP 443 (HTTPS), but the traffic is not of TLS/SSL. A close look at the sample revealed it to be a backdoor targeting Linux X64 systems, a family that has been around for at least 3 years. We named it RotaJakiro ba
![RotaJakiro: A long live secret backdoor with 0 VT detection](https://cdn-ak-scissors.b.st-hatena.com/image/square/8cb85616110f8a3c9181ea95c0eac65400ea8ff1/height=288;version=1;width=512/https%3A%2F%2Fblog.netlab.360.com%2Fcontent%2Fimages%2F2019%2F02%2Fastronomy-constellation-dark-998641-4.jpg)