ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses Posted By Sanseo , October 12, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered a change in the distribution method of the ShellBot malware, which is being installed on poorly managed Linux SSH servers. The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value. 1. Past Case of URL Detection Evasion Typically, IP addresses are used in the “dot-decimal notation” format, with threat actors using addresses…
