Security Articles

Exposed BYOB C2 Infrastructure Reveals a Multi-Stage Malware Deployment

released on 2026-01-29 @ 12:49:59 PM
An exposed open directory on a command and control server revealed a complete deployment of the BYOB (Build Your Own Botnet) framework. The multi-stage infection chain targets Windows, Linux, and macOS platforms, implementing seven persistence mechanisms. The malware includes extensive post-exploitation capabilities such as keylogging, packet capture, and email harvesting. Analysis uncovered a modular design with encrypted C2 communications and infrastructure reuse across multiple regions. Two nodes also hosted XMRig cryptocurrency miners, indicating additional monetization efforts. The campaign has been operational for approximately 10 months, demonstrating geographic and provider diversification in its infrastructure.