BVP47 is a NSA backed Tailored Access oprations (TAO) backdoor. It is detected by Chinese firm back in 2013 which it disclosed now. The name Bvp47 comes form the numerous references to the string "Bvp" and the numerical value "0x47" used in the encryption algorithm, the backdoor was extracted from Linux systems during an forensic investigation of one of company's client. It utilizes advanced covert channel behavior based on TCP SYN packets, code obfuscation, system hiding, and self-destruction design. It has over 245 targets in 45 countries, including american friendly countries. A detail analysis can be found
here.
BVP47 Equation Group Malware Signatures
Family: UDS:Backdoor.Linux.Bvp47.a
MD5: 58b6696496450f254b1423ea018716dc
SHA256: 7989032a5a2baece889100c4cfeca81f1da1241ab47365dad89107e417ce7bac
BVP47 Equation Group Malware Download
