First discovered in January this year, Necro Python is also tracked as N3Cr0m0rPh, FreakOut, Python.IRCBot and is known for attempting to exploit multiple known vulnerabilities.

In late September, the botnet added to its arsenal an exploit targeting a security vulnerability in Visual Tools DVR VX16 4.2.28.0, according to a warning from Juniper Threat Labs.

Based on Python, the botnet includes a broad range of capabilities, including the ability to sniff network traffic, launch distributed denial of service attacks, infect different types of files (HTML, JS, PHP), install a Monero miner, execute commands, and spread using exploits or brute-forcing.