Perlbot

Malware updated 6 months ago (2024-05-04T21:18:36.435Z)
PerlBot, also known as ShellBot, is malware written in the Perl programming language. This Distributed Denial of Service (DDoS) bot targets poorly managed Linux SSH servers, primarily through dictionary attacks on weak SSH credentials. It uses the IRC protocol for Command and Control (C2) communications, enabling it to steal information, disrupt operations, and potentially hold data hostage. The malware can be delivered to systems via suspicious downloads, emails, or websites without the user's knowledge.

Researchers from AhnLab Security Emergency Response Center (ASEC) have categorized PerlBot into three distinct groups: LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. These versions support multiple DDoS attack commands using the HTTP, TCP, and UDP protocols. In March 2023, ASEC disclosed that mismanaged Linux SSH servers were being targeted by these new strains of ShellBot malware, leading to a significant increase in cyberattacks.

According to Fortinet FortiGuard Labs, vulnerabilities such as CVE-2022-46169 and CVE-2021-35394 have also been abused to deliver PerlBot. The high CVSS scores of these vulnerabilities (9.8 each) indicate their severity and potential impact. To mitigate the risks associated with PerlBot, organizations are advised to manage their Linux SSH servers properly, keep software up to date, and implement robust security measures.
Description last updated: 2024-05-04T20:37:17.642Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Shellbot is a possible alias for Perlbot. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
DDoS
Malware
Linux
Source Document References
Information about the Perlbot Malware was read from the documents corpus below.