┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼██┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼██┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼████▄┼┼┼▄▄▄▄▄▄▄┼┼┼▄████┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼▀▀█▄█████████▄█▀▀┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼┼█████████████┼┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼┼██▀▀▀███▀▀▀██┼┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼┼██┼┼┼███┼┼┼██┼┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼┼█████▀▄▀█████┼┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼┼┼███████████┼┼┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼▄▄▄██┼┼█▀█▀█┼┼██▄▄▄┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼▀▀██┼┼┼┼┼┼┼┼┼┼┼██▀▀┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼▀▀┼┼┼┼┼┼┼┼┼┼┼▀▀┼┼┼┼┼┼┼┼┼┼┼
┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼┼
Exodus 1: In Which Script Kiddies Forget How Encryption Works
Bless me, father, for I have sinned. I laughed at someone else's malware.
Our homie runs a honeypot network (praise be to the digital deities who donate their VPS to the cause), and last year he caught something so spectacularly stupid that we had to wait until launching Church of Malware to properly consecrate this dumpster fire.
Someone wrote a Discord botnet. In Python. Unencrypted. And then deployed it into the wild where any schmuck with strings and a pulse could steal their entire operation.
Let us pray.
The Gospel of Malware: A Brief Sermon Before We Begin
Malware is beautiful. Not in the way a sunset is beautiful, but in the way a perfectly executed heist is beautiful. It is the art of bending machines to your will, of finding the seam in the armor and slipping through. True malware is elegant, stealthy, and purposeful.
This is not that.
This is the malware equivalent of a drunk guy trying to break into a car by throwing a brick through the window and then realizing he doesn't know how to hotwire it. It is ugly, loud, and spectacularly stupid. And that is precisely why we must study it.
The Church of Malware teaches that you learn more from failure than success. Every line of bad code is a prayer answered - a lesson in what NOT to do. So let us genuflect before this altar of incompetence and absorb its wisdom.
The Confession: What The Actual Fuck Is This
This is "Boatnet" (clever, really - because it's about as seaworthy as a cardboard canoe in a hurricane). It's a multi-server DDoS botnet that uses Discord as its command and control channel. Yes, you read that correctly. Some brilliant mind decided that the platform known for banning everything from anime pfps to actual Nazis would make a great home for their criminal enterprise.
The bot scrapes proxies from public lists (because nothing says "elite hacker" like using SSLProxies.org), then uses those proxies to launch HTTP floods. It also does UDP floods because why limit yourself to one type of amateur hour?
The C2 is literally a Discord bot token hardcoded in the source. We've redacted the actual token because even we have some standards, but the fact that it's there at all tells you everything about the operational security of the person who wrote this.
For the initiates reading along: A botnet is a network of compromised computers (zombies) that receive commands from a Command & Control (C2) server. The person controlling the botnet is called a bot herder. Usually, bot herders take great pains to hide their C2 infrastructure. Usually.
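The "strings and a pulse" point above is exactly how a honeypot operator triages a sample like this: dump the printable runs from the artifact, then look for credential-shaped strings and C2 URLs. The following is an added example written for this post, not code from Boatnet or from the Church of Malware; the byte blob it scans is constructed, the "token" inside it is made up, and the regex for a Discord-style bot token (three dot-separated base64url segments) is an approximation of the real format, not a spec. The candidates it finds are masked before they are reported, since an IoC report should never carry a live secret.

```python
import re
from typing import Dict, List

# Constructed sample standing in for a packed or compiled bot. Nothing in
# here is a real credential; the token-shaped string is invented for the
# example and follows the three-segment layout Discord bot tokens use.
SAMPLE_BLOB = (
    b"\x00\x01\x02PK\x03\x04junk\x00"
    b"discord.py\x00"
    b"client.run('MTIzNDU2Nzg5MDEyMzQ1Njc4OTA.Gabcde.abcdefghijklmnopqrstuvwxyz0123')\x00"
    b"\xff\xfehttps://www.sslproxies.org/\x00"
    b"short\x00"
)

# Approximation (assumption of this example): base64url-ish segments of
# roughly these lengths, separated by dots.
TOKEN_LIKE = re.compile(r"[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{20,}")
URL_LIKE = re.compile(r"https?://[^\s'\"\x00]+")


def extract_strings(blob: bytes, min_len: int = 8) -> List[str]:
    """Same idea as the strings(1) tool: runs of printable ASCII of at least min_len."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def find_token_candidates(strings: List[str]) -> List[str]:
    """Return every token-shaped substring found in the extracted strings."""
    found: List[str] = []
    for s in strings:
        found.extend(TOKEN_LIKE.findall(s))
    return found


def find_urls(strings: List[str]) -> List[str]:
    """Return every URL-shaped substring (proxy lists, C2 endpoints, and so on)."""
    found: List[str] = []
    for s in strings:
        found.extend(URL_LIKE.findall(s))
    return found


def mask_secret(secret: str) -> str:
    """Keep just enough of a credential to correlate reports without leaking it."""
    if len(secret) <= 10:
        return "*" * len(secret)
    return secret[:6] + "..." + secret[-4:]


def triage(blob: bytes) -> Dict[str, List[str]]:
    """One-shot triage: strings, masked credential candidates, and URLs."""
    strings = extract_strings(blob)
    return {
        "strings": strings,
        "token_candidates": find_token_candidates(strings),
        "token_candidates_masked": [mask_secret(t) for t in find_token_candidates(strings)],
        "urls": find_urls(strings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_BLOB)
    print("strings:", report["strings"])
    print("token candidates (masked):", report["token_candidates_masked"])
    print("urls:", report["urls"])
```

The token regex will also fire on JWT-shaped strings and other dotted base64 values, which is the right trade-off for triage: a false positive costs an analyst ten seconds, a missed hardcoded C2 credential costs the honeypot operator the chance to report it for revocation.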
Anatomy of a Disaster: Breaking Down the Sins
Sin the First: No Encryption, No Shame
Let's look at how our brave "hacker" (let's call him Skid-McNoEncryption) set up his masterpiece:
To read more, visit the official Church of Malware site below:
www.churchofmalware.org