Malware

PocoDown

aka Blitz · PocoDownloader

uses POCO C++ cross-platform library, Xor-based string obfuscation, SSL library code and string overlap with Xtunnel, infrastructure overlap with X-Agent, probably in use since mid-2018

Family metadata imported from Malpedia (Fraunhofer FKIE).