It was not - attacker ran an exploit that have him a remote shell access. No shellcode was involved (that's for binary exploits which is not what happened here)