Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2
ID: f455a378-ef3f-5cd0-b10a-daa3cbd6a7dd
STIX ID: report--f455a378-ef3f-5cd0-b10a-daa3cbd6a7dd
Feed Name: Hunt.io Blog
*Executive summary:* Hunt.io researchers discovered an exposed open directory that revealed a 15-node relay/tunnel network (Iranian ingress nodes, Hetzner exit nodes) and a credential-driven SSH botnet that compiles and launches a C-based DDoS client on victim hosts. The collection includes deployment scripts; bash history documenting tunnel deployment, DDoS testing and iterative botnet development; compiled binaries with reconnection logic; and multiple IPs, domains and file hashes that can be used as IOCs.
