This payload has been used to compromise kernel.org back in August of 2011 and has hit cPanel Support which in turn, has infected quite a few cPanel servers. It is a credential stealing payload which steals SSH keys, passwords, and potentially other credentials.
This family is part of a wider range of tools which are described in detail in the operation windigo whitepaper by ESET.
|2021-04-21 ⋅ CSIRT Italia ⋅ |
Windigo footprints: an Ebury variant
|2019-06-04 ⋅ CERN ⋅ |
2019/06/04 Advisory: Windigo attacks
|2018-12-05 ⋅ ESET Research ⋅ |
The Dark Side of the ForSSHe
|2018-12-01 ⋅ ESET Research ⋅ |
THE DARK SIDE OF THE FORSSHE: A landscape of OpenSSH backdoors
|2017-10-30 ⋅ ESET Research ⋅ |
Windigo Still not Windigone: An Ebury Update
|2017-03-28 ⋅ Department of Justice ⋅ |
Russian Citizen Pleads Guilty for Involvement in Global Botnet Conspiracy
|2014-03 ⋅ ESET Research ⋅ |
|2014-02-21 ⋅ ESET Research ⋅ |
An In‑depth Analysis of Linux/Ebury
There is no Yara-Signature yet.