Modded Perlbot V2

Malware updated 23 days ago (2024-11-29T14:32:50.984Z)
Download STIX
Preview STIX
Modded Perlbot v2 is a new strain of the ShellBot DDoS bot malware that has been identified as part of an attack campaign targeting mismanaged Linux SSH servers. This campaign, which began on March 22, 2023, involves the distribution of three distinct strains of the ShellBot malware: PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0. These new strains were discovered and categorized by researchers who noted that threat actors could create their own versions, leading to the classification into these three groups. LiGhT’s Modded perlbot v2, along with DDoS PBot v2.0, supports multiple DDoS attack commands using HTTP, TCP, and UDP protocols. These commands facilitate distributed denial-of-service attacks, a common malicious tactic to disrupt network services. On the other hand, PowerBots GohacK is more akin to a backdoor malware, providing capabilities for reverse shell access and arbitrary file uploading. This information was revealed in a report from the AhnLab Security Emergency Response Center. The ShellBot malware, including the Modded perlbot v2 variant, is highly customizable, allowing different capabilities and attack methods to be tailored by various threat actors. This flexibility makes it a potent threat, capable of adapting to different environments and security measures. The emergence of these new strains underscores the need for robust vulnerability management strategies, particularly for Linux SSH servers, to prevent exploitation and maintain system integrity.
Description last updated: 2024-09-13T06:16:08.633Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Shellbot Malware is associated with Modded Perlbot V2. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called Unspecified
3
The Ddos Pbot v2.0 Malware is associated with Modded Perlbot V2. On March 22, 2023, mismanaged Linux SSH servers were targeted by a novel attack campaign involving the distribution of three new strains of the ShellBot DDoS bot malware, including PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, as reported by The Hacker News. These attacks were espUnspecified
2
Source Document References
Information about the Modded Perlbot V2 Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more