A recent incident response case in Brazil revealed a Perl-based crypto mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for Monero cryptocurrency. The botnet includes an IRC-based client that acts as a backdoor, allowing for various malicious activities. Victims have been identified mainly in the United States, with additional targets in Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil. The article provides detailed analysis of the malware's components, persistence mechanisms, and evasion techniques. Recommendations for system administrators include hardening SSH configurations and implementing additional security measures to mitigate the risk of compromise.