SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.perlbot (Back to overview)

PerlBot

aka: ShellBot, DDoS Perl IrcBot
URLhaus    

There is no description at this point.

References
2023-06-20AhnLabASEC
@online{asec:20230620:tsunami:bbf63b6, author = {ASEC}, title = {{Tsunami DDoS Malware Distributed to Linux SSH Servers}}, date = {2023-06-20}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/54647/}, language = {English}, urldate = {2023-08-07} } Tsunami DDoS Malware Distributed to Linux SSH Servers
PerlBot Tsunami
2023-03-17AhnLabASEC
@online{asec:20230317:shellbot:93d3ae5, author = {ASEC}, title = {{ShellBot Malware Being Distributed to Linux SSH Servers}}, date = {2023-03-17}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/49769/}, language = {English}, urldate = {2023-03-20} } ShellBot Malware Being Distributed to Linux SSH Servers
PerlBot
2022-05-20Palo Alto Networks Unit 42Ruchna Nigam
@online{nigam:20220520:threat:b0d781e, author = {Ruchna Nigam}, title = {{Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)}}, date = {2022-05-20}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/}, language = {English}, urldate = {2023-08-28} } Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
Bashlite Mirai PerlBot
2022-02-25360 netlabGhost
@online{ghost:20220225:some:268b2df, author = {Ghost}, title = {{Some details of the DDoS attacks targeting Ukraine and Russia in recent days}}, date = {2022-02-25}, organization = {360 netlab}, url = {https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/}, language = {English}, urldate = {2022-03-02} } Some details of the DDoS attacks targeting Ukraine and Russia in recent days
Bashlite Mirai MooBot PerlBot
2021-11-02sysdigAlberto Pellitteri
@online{pellitteri:20211102:malware:f179adb, author = {Alberto Pellitteri}, title = {{Malware analysis: Hands-On Shellbot malware}}, date = {2021-11-02}, organization = {sysdig}, url = {https://sysdig.com/blog/malware-analysis-shellbot-sysdig/}, language = {English}, urldate = {2021-11-08} } Malware analysis: Hands-On Shellbot malware
PerlBot
2021-05-12The RecordCatalin Cimpanu
@online{cimpanu:20210512:agents:975c354, author = {Catalin Cimpanu}, title = {{Agents raid home of Kansas man seeking info on botnet that infected DOD network}}, date = {2021-05-12}, organization = {The Record}, url = {https://therecord.media/agents-raid-home-of-kansas-man-seeking-info-on-botnet-that-infected-dod-network/}, language = {English}, urldate = {2021-05-13} } Agents raid home of Kansas man seeking info on botnet that infected DOD network
PerlBot
2021-01-13Brian Stadnicki
@online{stadnicki:20210113:gitlab:d27b2e3, author = {Brian Stadnicki}, title = {{Gitlab RCE Stealth Shellbot}}, date = {2021-01-13}, url = {https://brianstadnicki.github.io/posts/malware-gitlab-perlbot/}, language = {English}, urldate = {2022-01-15} } Gitlab RCE Stealth Shellbot
PerlBot
2020-12-18Trend MicroDavid Fiser
@online{fiser:20201218:teamtnt:3d5abe1, author = {David Fiser}, title = {{TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger}}, date = {2020-12-18}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/l/teamtnt-now-deploying-ddos-capable-irc-bot-tntbotinger.html}, language = {English}, urldate = {2020-12-23} } TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger
PerlBot TNTbotinger TeamTNT
2020-12-10US-CERTUS-CERT, FBI, MS-ISAC
@online{uscert:20201210:alert:a5ec77e, author = {US-CERT and FBI and MS-ISAC}, title = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}}, date = {2020-12-10}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a}, language = {English}, urldate = {2020-12-11} } Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-09-22Twitter (@Nocturnus)Cybereason Nocturnus
@online{nocturnus:20200922:outlaw:e50621a, author = {Cybereason Nocturnus}, title = {{Tweet on Outlaw Group using IRCBot, SSH bruteforce tool, port Scanner, and an XMRIG crypto miner for their hacking operation}}, date = {2020-09-22}, organization = {Twitter (@Nocturnus)}, url = {https://twitter.com/Nocturnus/status/1308430959512092673}, language = {English}, urldate = {2020-09-25} } Tweet on Outlaw Group using IRCBot, SSH bruteforce tool, port Scanner, and an XMRIG crypto miner for their hacking operation
PerlBot
2020-09-03Palo Alto Networks Unit 42Haozhe Zhang, Qi Deng, Zhibin Zhang, Ruchna Nigam
@online{zhang:20200903:exploits:08e8287, author = {Haozhe Zhang and Qi Deng and Zhibin Zhang and Ruchna Nigam}, title = {{Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496}}, date = {2020-09-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cve-2020-17496/}, language = {English}, urldate = {2023-08-28} } Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
Mirai PerlBot
2020-05-18Palo Alto Networks Unit 42Asher Davila, Yang Ji
@online{davila:20200518:eleethub:d605473, author = {Asher Davila and Yang Ji}, title = {{Eleethub: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding}}, date = {2020-05-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/los-zetas-from-eleethub-botnet/}, language = {English}, urldate = {2020-05-20} } Eleethub: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding
PerlBot
2020-04-28YoroiAntonio Pirozzi, Luigi Martire, Pierluigi Paganini
@online{pirozzi:20200428:outlaw:e4da556, author = {Antonio Pirozzi and Luigi Martire and Pierluigi Paganini}, title = {{Outlaw is Back, a New Crypto-Botnet Targets European Organizations}}, date = {2020-04-28}, organization = {Yoroi}, url = {https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/}, language = {English}, urldate = {2021-06-16} } Outlaw is Back, a New Crypto-Botnet Targets European Organizations
Cpuminer PerlBot
2019-02-05JaskRod Soto, Darren Spruell, Kevin Stear
@techreport{soto:20190205:path:7de2c6b, author = {Rod Soto and Darren Spruell and Kevin Stear}, title = {{The Path of an Outlaw, a Shellbot Campaign}}, date = {2019-02-05}, institution = {Jask}, url = {https://jask.com/wp-content/uploads/2019/02/Shellbot-Campaign_v2.pdf}, language = {English}, urldate = {2019-12-10} } The Path of an Outlaw, a Shellbot Campaign
PerlBot
2018-11Trend MicroTrendmicro
@techreport{trendmicro:201811:perlbased:542ede8, author = {Trendmicro}, title = {{Perl-Based Shellbot Looks to Target Organizations via C&C}}, date = {2018-11}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/Perl-Based_Shellbot_Looks_to_Target_Organizations_via_C&C_appendix.pdf}, language = {English}, urldate = {2020-01-07} } Perl-Based Shellbot Looks to Target Organizations via C&C
Haiduc PerlBot

There is no Yara-Signature yet.