[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
ID: c51d45ac-cecd-5b12-a914-aac1a40089a3
STIX ID: report--c51d45ac-cecd-5b12-a914-aac1a40089a3
Feed Name: SANS ISC Diary
This diary documents that the long-running Outlaw/Shellbot 'mdrfckr' SSH campaign continues to deploy the same persistent public key (authorized_keys SHA-256 a8460f44...) but has migrated its SSH client to libssh_0.11.1, which produces a new hassh (03a80b21afa810682a776a7d42e5e6fb). The author observed 24 source IPs and provides IOCs (SHA-256, public key comment 'mdrfckr', hassh, client banner, credential list, burst window), along with detection guidance to prefer the stable key and playbook signatures over older hassh values.
