Older versions included features common to RATs, such as:

- Bypassing specific firewalls.
- Encrypting all sent traffic to evade detection.
- Keylogging capabilities to steal sensitive information.

Role in Cyber Operations
Experts have traced its development back to at least 2006, with strong evidence suggesting it was developed in China for Chinese users. It has evolved over time, with its code occasionally being integrated into more sophisticated malware like the SoulSearcher backdoor.
The tool has been used in operations targeting rather than specific industries, functioning under a "not knowing what they are looking for until they find it" approach. It often utilizes Dynamic DNS services to maintain stable connections between the attacker and infected hosts.
It establishes channels between a central server and "zombie" PCs, enabling attackers to deliver synchronized attack orders.
It is most notorious for HTTP GET Flooding, a technique that exhausts a target's web server resources by overwhelming it with legitimate-looking application requests.
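Detection logic for the flooding pattern described above, as an added example that is not part of the original page: because each request looks legitimate on its own, the check looks for many distinct clients issuing GETs for the same resource inside one short window, which is what synchronized orders to many hosts produce. The log format (Combined Log Format), the thresholds, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Leading fields of a Combined Log Format line: client, timestamp, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def sample_log():
    """Constructed sample: 4 quiet requests, then a 12-request burst from 6 clients."""
    fmt = '{ip} - - [10/Oct/2024:13:{mm:02d}:{ss:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    quiet = [fmt.format(ip="198.51.100.7", mm=50 + i, ss=5, path="/index.html")
             for i in range(4)]
    burst = [fmt.format(ip=f"203.0.113.{10 + i % 6}", mm=55, ss=30 + i % 5,
                        path=f"/search?q={i}") for i in range(12)]
    return quiet + burst

def parse(line):
    """Return (client_ip, time, method, path without query string), or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string so requests that differ only in parameters
    # are counted against the same resource.
    return ip, when, method, path.split("?", 1)[0]

def find_get_floods(lines, window_s=10, min_requests=10, min_sources=5):
    """Return (window_start_epoch, path, requests, distinct_clients) per flagged window."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "GET":
            continue
        ip, when, _method, path = rec
        start = int(when.timestamp()) // window_s * window_s  # fixed-size window
        buckets[(start, path)].append(ip)
    alerts = []
    for (start, path), ips in sorted(buckets.items()):
        # Volume alone is not enough: require many distinct clients as well.
        if len(ips) >= min_requests and len(set(ips)) >= min_sources:
            alerts.append((start, path, len(ips), len(set(ips))))
    return alerts

if __name__ == "__main__":
    for alert in find_get_floods(sample_log()):
        print(alert)
```

Fixed windows can split a burst across a boundary, so thresholds need tuning against a baseline of normal traffic for the site being monitored.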