Skuggaheimar/Threat Intelligence/Perl ShellBot
PERL SHELLBOT
SHELLBOT
SECURITY TOOL / TECHNIQUE
ECRIME
Threat IntelligenceMalwareMay 26, 202515 min read

Perl ShellBot: Threat Intelligence Profile

IRC-based Perl backdoor

Scroll

Perl ShellBot (also known as ShellBot, PerlBot) is a security tool / technique active since 2005. IRC-based Perl backdoor. Key characteristics include: IRC C2, DDoS, port scanning, command execution, targets Linux servers via CVE exploitation.

Overview & Background

IRC-based Perl backdoor. First identified in 2005, this threat is attributed to eCrime.

Threat Assessment

Perl ShellBot remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this security tool / technique.

Technical Analysis

Perl ShellBot employs the following capabilities and techniques:

MITRE ATT&CK Mapping

TacticTechniqueUsage
Initial AccessT1566.001 Phishing AttachmentCommon delivery vector
ExecutionT1204.002 Malicious FileUser-triggered execution
PersistenceT1547.001 Registry Run KeysAutostart persistence
Defense EvasionT1027 Obfuscated FilesPayload obfuscation
C2T1071.001 Web ProtocolsHTTP/HTTPS C2

Detection & Defense

Defend Against Perl ShellBot

Mjolnir Security provides detection and response capabilities against Perl ShellBot and similar threats.

Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
  • Proactive Threat Hunting Hunt for Perl ShellBot indicators and TTPs within your environment.
  • Threat Intelligence Monitor Perl ShellBot campaigns and infrastructure changes.
  • 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: May 26, 2025
Related Reports
Tool

Cobalt Strike: Adversary's Arsenal

Read Report →
Tool

Metasploit Framework

Read Report →