GTPDOOR is Linux malware that communicates C2 traffic over GTP-C signalling messages, blending in with normal telco traffic. It can execute commands sent in GTP echo requests and probe hosts covertly via TCP packets. Versions target x86 and i386 architectures.

Click for details.