Windigo
The Windigo group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the Ebury SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, Windigo operators continued updating Ebury through 2019.(Citation: ESET Windigo Mar 2014)(Citation: CERN Windigo June 2019)
ID: G0124
Associated Groups:
Version: 1.0
Created: 10 Feb 2021
Last Modified: 25 Apr 2025
Associated Group Descriptions

Name | Description
---|---
Software

ID | Name | References | Techniques
---|---|---|---
S0377 | Ebury | (Citation: BleepingComputer Ebury March 2017) (Citation: ESET Ebury Feb 2014) (Citation: ESET Ebury May 2024) (Citation: ESET Ebury Oct 2017) | Standard Encoding, Pluggable Authentication Modules, Shared Modules, Rootkit, Domain Generation Algorithms, DNS, Symmetric Cryptography, Code Signing, Deobfuscate/Decode Files or Information, Disable or Modify Linux Audit System, Private Keys, Dynamic Linker Hijacking, Indicator Blocking, Automated Exfiltration, File and Directory Discovery, Exfiltration Over C2 Channel, Compromise Host Software Binary, Unix Shell, Disable or Modify Tools, Obfuscated Files or Information, Python, Fallback Channels, Modify Authentication Process |
References
- CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.
- Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update. Retrieved February 10, 2021.
- Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). The Dark Side of the ForSSHe: A landscape of OpenSSH backdoors. Retrieved July 16, 2020.
- Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo: the vivisection of a large Linux server-side credential-stealing malware campaign. Retrieved February 10, 2021.