Attackers were running recon on a foreign company via trojan spyware connected to a C2 panel on a compromised web host server. Unfortunately they forgot to have their logs and screenshots automatically purged from their C2 panel, so I was able to stumble upon their mainly intact C2 panel. Let’s see what it reveals about their operation.