ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

ShellBot’s threat actors use IP addresses converted to hexadecimal notation to infiltrate poorly maintained Linux SSH servers and deliver DDoS malware. “The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value,” according to a new study issued today by the AhnLab Security Emergency Response Center (ASEC).

ShellBot, also known as PerlBot, is reported to employ a dictionary attack to compromise servers with weak SSH credentials, with the malware acting as a conduit to orchestrate DDoS attacks and deliver cryptocurrency miners. The malware, written in Perl, communicates with a command-and-control (C2) server via the IRC protocol.

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

12-Oct-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address