B1txor20 is a Linux-based backdoor that builds its C2 communication channel using DNS tunneling. Along with traditional backdoor functions, it also offers a SOCKS5 proxy and the remote download and installation of rootkits. Since it is a fairly new backdoor, some bugs are still present in it. The backdoor uses ZLIB compression, Base64 encoding, and RC4 encryption to protect its traffic. The main features currently supported are shown below.
Basic Flowchart from Netlab.
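As an added analysis example (not code from this page or from Netlab), the following Python reverses the compression/encoding/encryption layering on a captured query name so an analyst can inspect tunneled content; the key, the C2 domain, the layer order (zlib, then RC4, then Base64 split into 63-byte DNS labels) and the use of standard Base64 are all assumptions, since the page does not state them.

```python
import base64
import zlib

# Constructed placeholder key: the real key is not given on this page.
DEMO_KEY = b"placeholder-key"
# Constructed C2 domain for the sample; not an indicator from the page.
DEMO_C2_DOMAIN = "c2.example"
MAX_LABEL = 63  # DNS label length limit (RFC 1035)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 keystream XOR; symmetric, so it both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wrap_query(plaintext: bytes, key: bytes = DEMO_KEY, domain: str = DEMO_C2_DOMAIN) -> str:
    """Build a constructed sample query name (assumed order: zlib -> RC4 -> Base64),
    split into DNS labels under the C2 domain. Used here only to make test fixtures."""
    blob = base64.b64encode(rc4(key, zlib.compress(plaintext))).decode()
    blob = blob.rstrip("=")  # '=' is not a usable label character; re-pad on decode
    labels = [blob[i:i + MAX_LABEL] for i in range(0, len(blob), MAX_LABEL)]
    return ".".join(labels + [domain])


def unwrap_query(qname: str, key: bytes = DEMO_KEY, domain: str = DEMO_C2_DOMAIN) -> bytes:
    """Reverse the layering on a captured query name for analysis:
    strip the C2 suffix, rejoin labels, re-pad Base64, RC4-decrypt, zlib-inflate."""
    suffix = "." + domain
    if not qname.endswith(suffix):
        raise ValueError("query name does not end with the expected C2 domain")
    blob = qname[: -len(suffix)].replace(".", "")
    blob += "=" * (-len(blob) % 4)
    raw = base64.b64decode(blob)
    try:
        return zlib.decompress(rc4(key, raw))
    except zlib.error as exc:
        # Wrong key or corrupted capture: fail loudly instead of returning garbage
        raise ValueError("decrypted payload is not valid zlib data") from exc
```

Because zlib validates its header and Adler-32 checksum, a wrong RC4 key is reported as an error rather than silently producing bytes, which is useful when trying candidate keys against a capture.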