It has been four months since Microsoft and Kaspersky Lab announced the disruption of Kelihos/Hlux botnet. The new version appeared as early as September 28, right after Microsoft announced the neutralization of the original Hlux/Kelihos botnet. It seems that someone obtained the botnet source code and just wanted to make future bots look different by shuffling the order of encryption stages. Also the encryption keys were changed, which is quite predictable. The controllers list in the new version remained almost the same and slightly changed over time.”]
Source: https://securelist.com/kelihoshlux-botnet-returns-with-new-techniques/32021/