RapperBot: From Infection to DDoS in a Split Second

bitsight.com

4 points by sys42590 4 months ago · 1 comment

therealkripthor 4 months ago

I wrote this after one of my own systems got popped by RapperBot. Instead of just wiping, I decided to collect samples, pull some PCAPs, and see how it actually works. From infrastructure breakdown to encrypted C2 in TXT DNS records, binary reversing to exploit analysis, I've tried to dissect as much as I could to understand how everything connects together and share with the community. Happy to answer any questions too.
