It exploits an authentic VMware binary to deceive security tools into accepting errant activity.

It’s called such due to the traffic pattern it generates—a rapid succession of attack bursts that split a botnet’s attack output.