cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3)
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A new DDoS malware strain named cShell is targeting poorly managed Linux servers through their SSH services. The threat actor uses brute-force attacks to gain initial access, then installs the cShell bot, which is written in Go. cShell abuses the Linux tools 'screen' and 'hping3' to carry out its DDoS attacks and supports multiple DDoS commands, including SYN, ACK, and UDP floods. The malware maintains persistence by registering itself as a service and can update itself using Pastebin URLs. Because its simple design leans on existing Linux tools, cShell is an effective DDoS bot. To protect against such attacks, administrators should use strong passwords, regularly update systems, and implement security measures such as firewalls.
OPENCTI LABELS:
linux,botnet,brute-force,ddos,ssh,carm,hping3,go-language,cshell,screen
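A defender's check for the behaviour the summary describes, as an added example that is not from the original report: it flags `hping3` flood processes that descend from a `screen` session in a process snapshot. The `ps` lines are constructed, and the exact command lines cShell issues are not given on this page, so the flags matched are an assumption based on hping3's documented options.

```python
# Constructed `ps -eo pid,ppid,args` snapshot (not taken from the report).
# Addresses are from documentation-only ranges.
SAMPLE_PS = """\
    1     0 /sbin/init
  812     1 /usr/sbin/sshd -D
 2301     1 SCREEN -dmS job sh -c hping3 -S --flood -p 80 203.0.113.10
 2302  2301 sh -c hping3 -S --flood -p 80 203.0.113.10
 2303  2302 hping3 -S --flood -p 80 203.0.113.10
 3100   812 sshd: admin@pts/0
 3101  3100 -bash
 3150  3101 hping3 -c 3 -S -p 443 198.51.100.7
"""

# hping3 options for the flood types named in the summary (assumed mapping).
MODES = {"-S": "SYN", "--syn": "SYN", "-A": "ACK", "--ack": "ACK",
         "-2": "UDP", "--udp": "UDP"}

def parse_ps(text):
    """Return {pid: (ppid, args)} from `ps -eo pid,ppid,args` output."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            procs[int(parts[0])] = (int(parts[1]), parts[2])
    return procs

def has_screen_ancestor(pid, procs):
    """Walk up the parent chain looking for a screen process."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, args = procs[pid]
        if args.split()[0].rsplit("/", 1)[-1].lower() == "screen":
            return True
        pid = ppid
    return False

def find_flood_procs(text):
    """Return [(pid, [modes])] for hping3 --flood processes under screen."""
    procs = parse_ps(text)
    hits = []
    for pid, (ppid, args) in sorted(procs.items()):
        argv = args.split()
        if argv[0].rsplit("/", 1)[-1] != "hping3":
            continue
        if "--flood" in argv and has_screen_ancestor(ppid, procs):
            hits.append((pid, sorted({MODES[a] for a in argv if a in MODES})))
    return hits
```

The interactive `hping3 -c 3` probe run from an SSH login shell is not flagged, because it neither floods nor runs under `screen`.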