ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into its hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab Security Emergency response Center (ASEC)

Posted from: Click here for the full article.

留言

此網誌的熱門文章

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation