This document describes how to analyze and take down a Russian Android botnet. The steps included: 1) Reversing the malware to understand its functions and network protocol; 2) Analyzing the malware's network protocol which used HTTPS and JSON; 3) Hacking the malware's command and control server by feeding it malformed data and accessing its database; 4) Identifying the hacker who was a 29-year-old Russian PhD student. Over 50,000 devices were infected, and the botnet was used to steal passwords, SMS messages, and launch DDoS attacks before it was destroyed in April 2014.