New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
ID: 1f762458-de4c-5491-a02a-2a755725ec84
STIX ID: report--1f762458-de4c-5491-a02a-2a755725ec84
Feed Name: GBHackers
**Executive summary:** A technical analysis of C0XMO, a Gafgyt-family IoT botnet that exploits CVE-2021-27137 to compromise DD-WRT and other devices. Its modular design separates an extensible Python scanner from lightweight multi-architecture binaries. The report describes persistence, competitor removal, a custom C2 protocol, 19 DDoS methods, IOCs (hosts and hashes), and recommended mitigations.
