Findings from HIIH high-interaction honeypot deployments. Campaigns observed live — TTPs extracted from autonomous agents, IOCs from active intrusions. Primary sources.
- [2026.06.13] It Built the Business: Source Excerpts [Part 2/2]
  Redacted excerpts from the tooling behind the case: repeatable VM provisioning, port-mapped remote access, customer-abuse controls, fleet monitoring with an interactive viewer, attempts to weaken Windows application control, and the build loop that produced it. Selected and generalized; the full source, indicators, and attribution stay restricted.
- [2026.06.12] The AI Did Not Write the Phish. It Built the Business. [Part 1/2]
  Agentic AI built a working access-production capability for an operator with limited autonomy across the stack, in 72 hours. The security conversation keeps circling AI-written phishing; the real shift is bigger. The evidence is not a quote. It is the work loop.
- [2026.05.20] Outlaw/mdrfckr relay activity from Syrian institutional IP space
  An IP address in a network block attributed to Syrian government services (AS29256) is relaying activity consistent with Outlaw/mdrfckr botnet propagation. We assess this as compromised infrastructure, not state-directed activity. Our distributed honeypot network captured the relay chain end-to-end: a three-tier SSH scanning pipeline, a modern exploitation tool advertising ML-KEM-capable key exchange, the mdrfckr SSH key injection, and a 23-second automated burst of 18 reconnaissance commands. This is not new malware research. It is a field observation showing how old commodity botnets continue to exploit weak SSH hygiene and can quietly turn institutional infrastructure into relay nodes.
- [2026.05.14] Watcher-NetAI / skn: a Linux SSH botnet, with the scanner half-open [Part 1/2]
  An SSH-delivered Linux kit observed on two honeypot sensors drops a non-root systemd-user persistence unit, then runs a 10 MB Go scanner with intact DWARF: source tree, module name skn, capability map (scanner, SOCKS5, password-change cascade with VyOS fallback, embedded HTTP listener) all visible. The loader is hardened; the scanner is not. Stage-2 C2 on connexionlost.{net,zip} → 194.5.97.46.
- [2026.05.14] Watcher-NetAI / skn - Detection Brief [Part 2/2]
  Single-page SOC-facing summary of the Watcher-NetAI / skn cluster - top IOCs, four triage-priority hunts, links to the YARA / Sigma / IOC bundles, controlled-sharing contact. Full analysis in the main report.
- [2026.05.06] [Part 2/2] Two-Way Prometei: When the Linux Botnet Pivots Back to Windows
  17 Windows modules dropped alongside the Linux ELF in the same Prometei drop, including a Mimikatz variant frozen since 2023, a Tor stack masquerading as MSDTC and Smart Card services, and a Linux ELF that pivots back to Windows via WinRM (5985), Redis SLAVEOF (16379), and SMBv1-era dialects. One cross-platform toolkit, walker.ini glue, server-side fingerprint of the C2.
- [2026.05.06] [Part 1/2] Prometei Goes Both Ways: Same C2, Both Operating Systems, Three Months Apart
  A fresh Prometei v3/v4 ELF on a Linux honeypot, beaconing to the same C2 IP, Tor onion, and UPlugPlay disguise convention eSentire flagged on the Windows side three months earlier. The JSON-trailer schema yields a parent-peer back-pointer per bot. Postscript: four parallel binary-churn cadences in the same toolkit, including bit-identical zsvc unpacked code across drops.
- [2026.05.04] Turf Wars at Scale: Botnets Fighting for the Same Servers
  42 post-auth payload deployments from 13 coordinated IPs on AS51396 over 58 hours. The eviction script that precedes each install maps the contested-infrastructure reality: Diicot self-eviction, XMRig, CNRig, Rete, and Kinsing artifacts competing on the same pools of exposed servers.
- [2026.05.01] Adjacent campaigns and a defender's playbook [3/3]
  Adjacent SSH brute-force campaigns observed alongside Sorry-worm: Multiverze sshd backdoor, Diicot/Opera updated 2026 build, Mirai-derived sshscan kit. Indicators in three confidence tiers, YARA and Sigma rules, hunting queries, a reproducible activity timeline, and defensive recommendations.
- [2026.05.01] Inside Sorry-worm: anatomy of a Go ransomware-worm hybrid [2/3]
  Binary-level analysis of Sorry-worm: hardcoded RSA-2048 attribution-stable indicator, AES-CBC encryption pipeline, 48-byte fixed prefix on encrypted files, UNIX-nanosecond victim ID, embedded SSH wordlist, and the layered SSH scan that runs concurrently with encryption. The single most important property: encryption and SSH propagation occur concurrently in the same process.
- [2026.05.01] Catching Sorry-worm in the wild [1/3]
  A previously undocumented Linux ransomware-worm hybrid, propagating from compromised SSH relays approximately 8 hours after the sample's first public sandbox submission. Two independent propagation events from unrelated IPs, separated by ~7 hours, more consistent with autonomous worm-style propagation than a single hands-on session.
- [2026.04.23] Detecting and Countering AI-Enabled Intrusions with Deception
  Findings from four controlled wargame labs running ~1,000 LLM-driven intrusions against a HIIH high-interaction honeypot. Persistence is universal. Attackers come in three shapes. Counter-forensics has arrived - and counter-intelligence works.