Researchers from checkpoint detected the campaign that implants the backdoor and evades the detection from all security vendors. The campaign primarily targeting East Asia and Latin America, including AWS, hosted machines. Researchers analyzed the sample with VirusTotal on January 9, 2019, and none of the AntiVirus scanners detected it. The infection vector starts with exploiting ThinkPHP vulnerability (CVE-2018-20062) to upload the PHP shell to the server and then to execute the Perl backdoor, the infection is a three-step process.”]