Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
Indicators of Compromise

===========================
Primary modules
===========================
[SHA256]							   [Filename]  		 [Detection]
EC0F2960164CDCF265ED78E66476459337C03ACB469B6B302E1E8AE01C35D7EC   docker		Trojan.Python.CVE20253248.YXFFL
52A034E732BCE0CB10FBFAE6F3C208FFB885D490FBCD70BAD62FB2E32A7C33F8   e1x.arm5n 		Backdoor.Linux.FLODRIX.YXFFL
52A034E732BCE0CB10FBFAE6F3C208FFB885D490FBCD70BAD62FB2E32A7C33F8   e1x.arm6 		Backdoor.Linux.FLODRIX.YXFFL
E4AEA6EE7005EE4B500E0B8673B69EA91D1A7532FACAD653E575BA29824845D9   e1x.arm7 		Backdoor.Linux.FLODRIX.YXFFL
7BDBF2766AD55F9A67BFBB97A32D308530E4B5959BB68A9ACB22326DFEE8F282   e1x.m68k		Backdoor.Linux.FLODRIX.YXFFL
E08E03091DEFB5006792934389AA350E8C48C37E59E282EF8FE3C3F126212E20   e1x.mips		Backdoor.Linux.FLODRIX.YXFFL
57CEDC81378F98E568539CC653349FF70EF851A6D51886FD2560F30DF5E31BBD   e1x.mpsl		Backdoor.Linux.FLODRIX.YXFFL
C97128A452FF24D9BA70A3A7674C1D7AD21BABC9C75E7C34330BADDAEEA3D4BD   e1x.ppc		Backdoor.Linux.FLODRIX.YXFFL
80C956C5F279A436E7CF81B3E47333144DA5EF39BD76BD8C4A65E4571125EA7A   e1x.sh4		Backdoor.Linux.FLODRIX.YXFFL
DC9A484F4910EE08EB22AFAB8D328EEF5328C9A5A8ABC6A50062E2065262A81F   e1x.spc		Backdoor.Linux.FLODRIX.YXFFL
4AA59DDE4C8DA2CFF1A3AFE02DB3AE6C00D99E698DB11838B791E1D6C582FFB6   e1x.x86		Backdoor.Linux.FLODRIX.YXFFL
912573354E6ED5D744F490847B66CB63654D037EF595C147FC5A4369FEF3BFEE   e1x.x86_64		Backdoor.Linux.FLODRIX.YXFFL

===========================
Related modules
===========================
[SHA256]							   [Filename]   	[Detection]
09EFD15FF0317424B9B964626DA5E42D68B3CE91F509B16DAD9892D156D3EABE   deez			Trojan.Python.CVE20253248.YXFFK
1E5E9723C6B492C477471CCCB4D7B26AAE653B0C5491C29739F784C664699D36   dvr			Trojan.Python.CVE20253248.YXFFK
AB0F9774CA88994091DB0AE328D98F45034F653BD34E4F5E85679A972D3A039C   e1x.arm		Backdoor.Linux.FLODRIX.YXFFL
C2BCDD6E3CC82C4C4DB6AAF8018B8484407A3E3FCE8F60828D2087B2568ECCA4   e1x.arm5n		Backdoor.Linux.FLODRIX.YXFFL
C2BCDD6E3CC82C4C4DB6AAF8018B8484407A3E3FCE8F60828D2087B2568ECCA4   e1x.arm6		Backdoor.Linux.FLODRIX.YXFFL
A6CF8124E9B4558AACC7DDFA24B440454B904B937929BE203ED088B1040D1B36   e1x.arm7		Backdoor.Linux.FLODRIX.YXFFL
EC52F75268B2F04B84A85E08D56581316BD5CCFEB977E002EB43270FE713F307   e1x.m68k		Backdoor.Linux.FLODRIX.YXFFL
CCB02DCE1BCA9C3869E1E1D1774764E82206026378D1250AED324F1B7F9B1F11   e1x.mips		Backdoor.Linux.FLODRIX.YXFFL
9991C664C052EC407E53439AC6BB4DF3CBBE3E54AF243D007A39D8A3DAB935B9   e1x.mpsl		Backdoor.Linux.FLODRIX.YXFFK
F73B554E6AA7095CFC79CDB687204D99533AEDA73309106BA6CC9428FF57BD1E   e1x.ppc		Backdoor.Linux.FLODRIX.YXFFK
EE84591092A971C965B4E88CC5D6E8C2F07773B3BEE1486F3A52483EE72A2B3B   e1x.sh4		Backdoor.Linux.FLODRIX.YXFFK
002F3B2C632E0BE6CBC3FDF8AFCD0432FFE36604BA1BA84923CADAA147418187   e1x.spc		Backdoor.Linux.FLODRIX.YXFFL
99B59E53010D58F47D332B683EB8A40DF0E0EACEF86390BCA249A708E47D9BAD   e1x.x86		Backdoor.Linux.FLODRIX.YXFFL
78B430BFF7D797B020D06702659E26D8CA01C8FC968239390697AEFF472623A7   e1x.x86_64		Backdoor.Linux.FLODRIX.YXFFL
D8D5A32BBD747C92FA1BB55DCE4ABB20E8D09711AEBCBFE8E7EEC83173F9E627   lilin		Trojan.SH.DOWNLOADER.YXFFL
08CF20E54C634F21D8708573EEF7FDE4DBD5D3CD270D2CB8790E3FE1F42ECCEC   rsp			Trojan.SH.DOWNLOADER.YXFFL
6DD0464DD0ECDE4BB5A769C802D11AB4B36BBE0DD4F0F44144121762737A6BE0   ruijie		Trojan.SH.DOWNLOADER.YXFFL
C462A09DB1A74DC3D8ED199EDCA97DE87B6ED25C2273C4A3AFE811ED0C1C8B1D   test_rsp		Trojan.SH.DOWNLOADER.YXFFL
C2DCEB14EB91802CD4F78E78634E7837F4B2F4D1329D3F5293C53798B4D0C30E   test_rv		Trojan.SH.DOWNLOADER.YXFFL
9850EB26D8CBEF3358DA4DF154E054759A062116C2AA82DE9A69A8589F0DCE49   test_wcp		Trojan.SH.DOWNLOADER.YXFFL
A42F8428AA75C180C2F89FBB8B1E44307C2390ED0EBF5AF10015131B5494F9E1   tst_tdvr		Trojan.SH.DOWNLOADER.YXFFL
E1C830643DE2EC7BC7C032F7EC96C302CE54E703EAF576D3796D1BBD05D8A63F   wcp			Trojan.SH.DOWNLOADER.YXFFL
51085CD2DE0ED6A9A6738AC85A8CAF297FBD22DB4B049822A9802BB8140DCD3D   zxc_camera		Trojan.SH.DOWNLOADER.YXFFL
64927195D388BF6A1042C4D689BCB2C218320E2FA93A2DCC065571ADE3BB3BD3   zxc_deez		Trojan.SH.DOWNLOADER.YXFFL
ABB0C4AD31F013DF5037593574BE3207A4C1E066A96E58CE243AAF2EF0FC0E4D   zxc_rsp		Trojan.SH.DOWNLOADER.YXFFL
6DD0464DD0ECDE4BB5A769C802D11AB4B36BBE0DD4F0F44144121762737A6BE0   zxc_ruijie		Trojan.SH.DOWNLOADER.YXFFL
47497B24AF6FF42DAE582998AEEEDBC7B9CA6B3E0D82E8E49E8AC4A0F453A659   e1x.x86		Backdoor.Linux.FLODRIX.YXFFL
DF9E9006A566A4FE30EAA48459EC236D90FD628F7587DA9E4A6A76D14F0E9C98   e1x.x86_64		Backdoor.Linux.FLODRIX.YXFFL



===========================
C&C servers
===========================
[IP]
80[.]66[.]75[.]121
188[.]166[.]68[.]21
206[.]71[.]149[.]179
45[.]61[.]137[.]226