Ddos Pbot v2.0

Malware Profile Updated 25 days ago
On March 22, 2023, mismanaged Linux SSH servers were targeted by a novel attack campaign that distributed three new strains of the ShellBot DDoS bot malware: PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, as reported by The Hacker News. These attacks were especially concerning due to their potential to exploit vulnerabilities in these servers. DDoS PBot v2.0 is one of these strains. As malware, it infiltrates systems through suspicious downloads, emails, or websites, often without user knowledge, with the intent to steal personal information, disrupt operations, or hold data hostage for ransom.

Because threat actors can create their own versions, researchers have categorized ShellBot into three groups: LiGhT's Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. Both LiGhT's Modded perlbot v2 and DDoS PBot v2.0 support multiple DDoS attack commands using the HTTP, TCP, and UDP protocols. This versatility increases the potency of the attacks, allowing them to exploit a wider range of vulnerabilities in target systems. DDoS PBot v2.0 and Modded perlbot v2 are particularly dangerous because they offer commands to facilitate distributed denial-of-service attacks, which can overwhelm servers and disrupt services.

PowerBots, by contrast, has capabilities more akin to a backdoor and could facilitate reverse shell access and arbitrary file uploading, according to a report from the AhnLab Security Emergency Response Center. This means that PowerBots could give attackers control over infected systems, further exacerbating the risk posed by these malware variants.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
Shellbot | Unspecified | 2 | ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
Modded Perlbot V2 | Unspecified | 2 | Modded perlbot v2 is a strain of the ShellBot DDoS bot malware, part of a new attack campaign targeting mismanaged Linux SSH servers that was uncovered on March 22, 2023. This campaign involved three different strains: PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0. These malicious
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ddos Pbot v2.0 Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Ukraine targeted by novel malware attacks
CERT-EU | a year ago | Linux SSH servers targeted by novel ShellBot malware variants
CERT-EU | a year ago | New .NET developer-targeted attack leverages malicious NuGet packages
Securityaffairs | a year ago | New ShellBot bot targets poorly managed Linux SSH Servers