Perlbot

Malware updated 4 months ago (2024-05-04T21:18:36.435Z)
PerlBot, also known as ShellBot, is malware written in the Perl programming language. This Distributed Denial of Service (DDoS) bot targets poorly managed Linux SSH servers, primarily through dictionary attacks on weak SSH credentials. It uses the IRC protocol for Command and Control (C2) communications, enabling it to steal information, disrupt operations, and potentially hold data hostage. The malware can be delivered to systems via suspicious downloads, emails, or websites without the user's knowledge.

Researchers from AhnLab Security Emergency Response Center (ASEC) have categorized PerlBot into three distinct groups: LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. These versions support multiple DDoS attack commands using HTTP, TCP, and UDP protocols. In March 2023, ASEC disclosed that mismanaged Linux SSH servers were being targeted by these new strains of ShellBot malware, leading to a significant increase in cyberattacks.

According to Fortinet FortiGuard Labs, abuse of vulnerabilities such as CVE-2022-46169 and CVE-2021-35394 has been observed in delivering PerlBot. The high CVSS scores of these vulnerabilities (9.8 each) indicate their severity and potential impact. To mitigate the risks associated with PerlBot, organizations are advised to manage their Linux SSH servers properly, keep software up to date, and implement robust security measures.
Description last updated: 2024-05-04T20:37:17.642Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Shellbot | 2 | ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ddos
Malware
Linux
Source Document References
Information about the Perlbot Malware was read from the documents corpus below.
Source | Created | Title
CERT-EU | a year ago | ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
Securityaffairs | a year ago | Moobot botnet spreads by targeting Cacti and RealTek flaws
CERT-EU | a year ago | Shell DDoS Malware Attacks Poorly Managed Linux SSH Servers
CERT-EU | a year ago | Links 21/03/2023: JDK 20 and GNOME 43.5
CERT-EU | a year ago | Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
CERT-EU | a year ago | Beware bad passwords as attackers co-opt Linux servers into cybercrime
CERT-EU | a year ago | New .NET developer-targeted attack leverages malicious NuGet packages
Securityaffairs | a year ago | New ShellBot bot targets poorly managed Linux SSH Servers