For many months this was a really private cmd, but it’s already public and being used in many botnets.

It’s a pretty complete tool with a very detailed programming, you can check it by the use of comments on every step. I don’t know if there is a recent version of it but this is the one I caught.

When I was posting this, Amir told me that I also got this one on their servers but it was backdoored with iframes. I’m still checking out the code for more diff.