elf.ebury

Ebury


Ebury is the payload that was used in the August 2011 compromise of kernel.org, and it later hit cPanel Support, which in turn led to the infection of a considerable number of cPanel servers. It is an OpenSSH backdoor and credential-stealing payload: it steals SSH keys, passwords and potentially other credentials.

This family is part of a wider set of tools that are described in detail in ESET's Operation Windigo whitepaper (see the 2014-03-01 reference below).
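As an added example (not code from Malpedia, ESET or the Ebury operators), the first check a practitioner usually wants on a host suspected of carrying an OpenSSH backdoor of this kind: verify the installed OpenSSH files against the package database and flag anything whose content digest no longer matches or that has gone missing. Assumed: a POSIX sh, the stock package names openssh-server/openssh-clients (RPM-based distributions) and openssh-server/openssh-client (Debian-based), and the standard rpm -V / dpkg --verify report format (nine status characters, an optional "c" for config files, then the path; the third character is "5" when the digest differs, and lines for missing files start with "missing"). The sample report lines in the usage note are constructed.

```shell
#!/bin/sh
# Added example; not Malpedia's, ESET's or the malware's own code.
# Assumptions: POSIX sh; stock OpenSSH package names on RPM and Debian
# systems; rpm -V / dpkg --verify report format as described in the lead-in.

# Run the package manager's own verification for the OpenSSH packages and
# emit the raw report on stdout (empty when every file still matches).
# Returns 2 when neither rpm nor dpkg is available.
verify_openssh_packages() {
    if command -v rpm >/dev/null 2>&1; then
        # rpm -V exits non-zero when something differs; that is not an error here
        rpm -V openssh-server openssh-clients 2>/dev/null || :
    elif command -v dpkg >/dev/null 2>&1; then
        dpkg --verify openssh-server openssh-client 2>/dev/null || :
    else
        echo "neither rpm nor dpkg found; cannot verify packages" >&2
        return 2
    fi
    return 0
}

# Read a verification report on stdin, print each file whose content digest
# differs ("5" in the third status column) or that is missing, and return 1
# if at least one such file was found, 0 otherwise. Mode, owner, mtime and
# similar changes are deliberately ignored: only content matters here.
flag_modified_files() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            missing*)  echo "MISSING:  ${line##* }"; found=1 ;;
            ??5*)      echo "MODIFIED: ${line##* }"; found=1 ;;
        esac
    done
    return "$found"
}

# Usage on a suspect host:
#   verify_openssh_packages | flag_modified_files
# Exit status 1 means at least one OpenSSH file no longer matches the package
# database and the binary should be pulled off the host for analysis.
```

A constructed report such as `S.5....T.  /usr/sbin/sshd` makes the check print `MODIFIED: /usr/sbin/sshd` and return 1, while a report that only shows a timestamp or mode change returns 0. Two caveats: an attacker who replaced sshd can equally replace rpm or dpkg or edit the package database, so a clean result from tools on the suspect host proves little; take the digests from a known-good host or a distribution mirror and compare them to the suspect files from trusted media. And a clean package check is necessary, not sufficient: it only covers files that belong to the packages named above. The family-specific indicators are in the ESET and CERN references listed below; this page does not reproduce them.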

References (date | source | author(s) | title)

2021-04-21 | CSIRT Italia | CSIRT Italia | "Windigo footprints: an Ebury variant"
2019-06-04 | CERN | CERN Computer Security | "Advisory: Windigo attacks"
2018-12-05 | ESET Research | Marc-Etienne M. Léveillé | "The Dark Side of the ForSSHe"
2018-12-01 | ESET Research | Hugo Porcher, Marc-Etienne M. Léveillé, Romain Dumont | "The Dark Side of the ForSSHe: A landscape of OpenSSH backdoors"
2017-10-30 | ESET Research | Frédéric Vachon | "Windigo Still not Windigone: An Ebury Update"
2017-03-28 | Department of Justice | Office of Public Affairs | "Russian Citizen Pleads Guilty for Involvement in Global Botnet Conspiracy"
2014-10-15 | ESET Research | Olivier Bilodeau | "Operation Windigo: “Good job, ESET!” says malware author"
2014-03-01 | ESET Research | Alexis Dorais-Joncas, Benjamin Vanheuverzwijn, Joan Calvet, Marc-Etienne M. Léveillé, Olivier Bilodeau, Pierre-Marc Bureau | "Operation Windigo"
2014-02-21 | ESET Research | Marc-Etienne M. Léveillé | "An In-depth Analysis of Linux/Ebury"

There is no YARA signature yet.