Куда я попал?
Windigo
The Windigo group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the Ebury SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, Windigo operators continued updating Ebury through 2019.(Citation: ESET Windigo Mar 2014)(Citation: CERN Windigo June 2019)
ID: G0124
Associated Groups:
Version: 1.0
Created: 10 Feb 2021
Last Modified: 26 Apr 2021
Associated Group Descriptions |
|
| Name | Description |
|---|---|
Software |
|||
| ID | Name | References | Techniques |
|---|---|---|---|
| S0377 | Ebury | (Citation: BleepingComputer Ebury March 2017) (Citation: ESET Ebury Feb 2014) (Citation: ESET Ebury Oct 2017) | Rootkit, File and Directory Discovery, Pluggable Authentication Modules, DNS, Disable or Modify Tools, Fallback Channels, Deobfuscate/Decode Files or Information, Modify Authentication Process, Automated Exfiltration, Symmetric Cryptography, Compromise Client Software Binary, Obfuscated Files or Information, Indicator Blocking, Standard Encoding, Python, Dynamic Linker Hijacking, Code Signing, Private Keys, Exfiltration Over C2 Channel, Domain Generation Algorithms |
References
- Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign. Retrieved February 10, 2021.
- Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors. Retrieved July 16, 2020.
- Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update . Retrieved February 10, 2021.
- CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.