Scripts and complete output from a blog post regarding rekoobe backdoor.
The Zip file containing the PCAP can be opened with the password: infected
The Zip file containing the sample is: rekoobe
Blog: https://blog.techevo.uk/analysis/linux/2024/11/30/rekoobe-apt31-linux-backdoor.html