Ddos Pbot v2.0

Malware updated 4 months ago (2024-05-04T16:40:45.722Z)
Download STIX
Preview STIX
On March 22, 2023, mismanaged Linux SSH servers were targeted by a novel attack campaign involving the distribution of three new strains of the ShellBot DDoS bot malware, including PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, as reported by The Hacker News. These attacks were especially concerning due to their potential to exploit vulnerabilities in these servers. DDoS PBot v2.0, a type of malware, is one of these strains that infiltrates systems through suspicious downloads, emails, or websites, often without user knowledge, with the intent to steal personal information, disrupt operations, or hold data hostage for ransom. Researchers have categorized the ShellBot into three different groups, given that threat actors can create their own versions: LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. Both LiGhT’s Modded perlbot v2 and DDoS PBot v2.0 support multiple DDoS attack commands using HTTP, TCP, and UDP protocols. This versatility increases the potency of the attacks, allowing them to exploit a wider range of vulnerabilities in target systems. DDoS PBot v2.0 and Modded perlbot v2 are particularly dangerous as they offer commands to facilitate distributed denial-of-service attacks, which can overwhelm servers and disrupt services. On the other hand, PowerBots, which has capabilities more akin to a backdoor, could facilitate reverse shell access and arbitrary file uploading, according to a report from the AhnLab Security Emergency Response Center. This means that PowerBots could potentially give attackers control over infected systems, further exacerbating the risk posed by these malware variants.
Description last updated: 2024-03-05T20:46:19.441Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
ShellbotUnspecified
2
ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
Modded Perlbot V2Unspecified
2
Modded perlbot v2 is a strain of the ShellBot DDoS bot malware, part of a new attack campaign targeting mismanaged Linux SSH servers that was uncovered on March 22, 2023. This campaign involved three different strains: PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0. These malicious
Source Document References
Information about the Ddos Pbot v2.0 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
New .NET developer-targeted attack leverages malicious NuGet packages
CERT-EU
a year ago
Linux SSH servers targeted by novel ShellBot malware variants
CERT-EU
a year ago
Ukraine targeted by novel malware attacks
Securityaffairs
a year ago
New ShellBot bot targets poorly managed Linux SSH Servers