Perlbot

Malware updated 23 days ago (2024-11-29T14:27:46.343Z)
Download STIX
Preview STIX
PerlBot, also known as ShellBot, is a harmful malware developed using the Perl programming language. This Distributed Denial of Service (DDoS) bot is designed to exploit poorly managed Linux SSH servers, primarily through dictionary attacks on weak SSH credentials. It uses the IRC protocol for Command and Control (C2) communications, enabling it to steal information, disrupt operations, and potentially hold data hostage. The malware can be delivered to systems via suspicious downloads, emails, or websites without the user's knowledge. Researchers from AhnLab Security Emergency Response Center (ASEC) have categorized PerlBot into three distinct groups: LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. These versions support multiple DDoS attack commands using HTTP, TCP, and UDP protocols. In March 2023, ASEC disclosed that mismanaged Linux SSH servers were being targeted by these new strains of ShellBot malware, leading to a significant increase in cyberattacks. The abuse of vulnerabilities such as CVE-2022-46169 and CVE-2021-35394 has been observed in delivering PerlBot, according to Fortinet FortiGuard Labs. The high CVSS scores of these vulnerabilities (9.8 each) indicate their severity and potential impact. To mitigate the risks associated with PerlBot, organizations are advised to manage their Linux SSH servers properly, keep software up-to-date, and implement robust security measures.
Description last updated: 2024-05-04T20:37:17.642Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Shellbot is a possible alias for Perlbot. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ddos
Malware
Linux
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Perlbot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more