ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses
released on 2023-10-12 @ 07:22:58 PM
AhnLab Security Emergency response Center (ASEC) has recently discovered a change in the distribution method of the ShellBot malware, which is being installed on poorly managed Linux SSH servers. The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value.