Modded Perlbot V2

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
Modded perlbot v2 is a strain of the ShellBot DDoS bot malware, part of a new attack campaign targeting mismanaged Linux SSH servers that was uncovered on March 22, 2023. This campaign involved three different strains: PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0. These malicious software strains are designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites unbeknownst to the user. The researchers have categorized the ShellBot into three distinct groups as threat actors can create their own versions: LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. Both LiGhT’s Modded perlbot v2 and DDoS PBot v2.0 support multiple DDoS attack commands using HTTP, TCP, and UDP protocols. This allows them to disrupt operations by overwhelming targeted servers with traffic, potentially causing significant disruption and downtime. The report from the AhnLab Security Emergency Response Center also revealed that both DDoS PBot v2.0 and Modded perlbot v2 offer commands to facilitate distributed denial-of-service attacks. Meanwhile, PowerBots, which has more backdoor-like capabilities, could enable reverse shell access and arbitrary file uploading. This means it can not only disrupt operations but also potentially steal personal information or hold data hostage for ransom.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Linux
Ddos
Denial of Se...
Vulnerability
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Ddos Pbot v2.0Unspecified
2
On March 22, 2023, mismanaged Linux SSH servers were targeted by a novel attack campaign involving the distribution of three new strains of the ShellBot DDoS bot malware, including PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, as reported by The Hacker News. These attacks were esp
ShellbotUnspecified
2
ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
PerlbotUnspecified
1
PerlBot, also known as ShellBot, is a harmful malware developed using the Perl programming language. This Distributed Denial of Service (DDoS) bot is designed to exploit poorly managed Linux SSH servers, primarily through dictionary attacks on weak SSH credentials. It uses the IRC protocol for Comma
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Modded Perlbot V2 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Linux SSH servers targeted by novel ShellBot malware variants
Securityaffairs
a year ago
New ShellBot bot targets poorly managed Linux SSH Servers