Today, when I was tracking the server to which a variant of Trj/LdPinch sends information, I have come across, among the files in the server, some .php files that are used to control a botnet via web.

The image below would be the initial screen from which the infected systems can be viewed for geographical area:


And the option “Botnet controller” allows different actions to be carried out in the affected systems: