Can anyone link to an article that goes into goes into detail on how the botnet uses blockchain to recover the botnet after they disrupt the c2. This seems interesting.
They are hard coded to watch certain wallets for transactions on the chain if their normal c2 servers are offline. The transactions contain their new servers/other instructions.