One custom RC4 seed led us to four botnets, five C2 channels, and a developer who shipped their Windows username and Cursor IDE logs with their malware.

Equal parts cryptography, thread-pulling, and easter eggs.

https://github.com/deepfield/public-research/blob/main/reports/2026-03-20-aisuru-ecosystem.md

#threatintel #Aisuru #kimwolf #jackskid #mossadproxy #cecilio

DDoS botnet research and indicators of compromise from Nokia Deepfield ERT - deepfield/public-research