Trusted Design

Windigo Still not Windigone: An Ebury Update

概要

Back in February 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. Further research showed that this component was the core of an operation involving multiple malware families we called “Operation Windigo”. This led to the publication of a whitepaper covering the full operation. In February 2017, we found a new Ebury sample, that introduces a significant number of new features. The version number was bumped to 1.6.2a. At the time of that discovery, the latest versions we had seen were 1.5.x, months before. After further investigation, we realized that its infrastructure for exfiltrating credentials was still operational and that Ebury was still being actively used by the Windigo gang.

Created: 2026-02-23

Indicators

類似Pulses

BlackEnergy by the SSHBearDoor (score: 0.60)
StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved? (score: 0.59)
20160119: Ukraine Power Industry Cyberattacks (score: 0.56)
Duke APT group's latest tools: cloud services and Linux support (score: 0.55)
Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 12.44

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Scattered Spider

Score: 10.97

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1217 - Browser Information Discovery
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

TA505

Score: 4.13

Matched TTPs:

T1069 - Permission Groups Discovery
T1588.002 - Tool

MITREへのリンク →

Volt Typhoon

Score: 13.82

Matched TTPs:

T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application
T1217 - Browser Information Discovery
T1588.002 - Tool
T1003.003 - NTDS
T1124 - System Time Discovery

MITREへのリンク →

APT3

Score: 4.49

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery

MITREへのリンク →

FIN13

Score: 9.15

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

OilRig

Score: 16.11

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1137.004 - Outlook Home Page
T1573.002 - Asymmetric Cryptography
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

ZIRCONIUM

Score: 3.80

Matched TTPs:

T1082 - System Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

Blue Mockingbird

Score: 3.52

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Darkhotel

Score: 7.93

Matched TTPs:

T1082 - System Information Discovery
T1497.002 - User Activity Based Checks
T1124 - System Time Discovery

MITREへのリンク →

TA2541

Score: 4.80

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Rocke

Score: 5.96

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT32

Score: 4.72

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Lazarus Group

Score: 8.78

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery

MITREへのリンク →

Moses Staff

Score: 3.52

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Higaisa

Score: 3.80

Matched TTPs:

T1082 - System Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

CURIUM

Score: 3.80

Matched TTPs:

T1082 - System Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

RedCurl

Score: 3.95

Matched TTPs:

T1082 - System Information Discovery
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

APT38

Score: 5.34

Matched TTPs:

T1082 - System Information Discovery
T1217 - Browser Information Discovery
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 11.68

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1003.003 - NTDS

MITREへのリンク →

FIN7

Score: 12.92

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1497.002 - User Activity Based Checks
T1588.002 - Tool
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Kimsuky

Score: 12.63

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts

MITREへのリンク →

MuddyWater

Score: 3.52

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Sidewinder

Score: 3.80

Matched TTPs:

T1082 - System Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

Magic Hound

Score: 6.96

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1589.001 - Credentials

MITREへのリンク →

Play

Score: 6.19

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

APT42

Score: 4.80

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

FIN8

Score: 7.95

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1588.003 - Code Signing Certificates

MITREへのリンク →

Tropic Trooper

Score: 6.62

Matched TTPs:

T1082 - System Information Discovery
T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

Mustard Tempest

Score: 5.74

Matched TTPs:

T1082 - System Information Discovery
T1608.006 - SEO Poisoning

MITREへのリンク →

Wizard Spider

Score: 11.17

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1003.003 - NTDS

MITREへのリンク →

Turla

Score: 10.93

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1555.004 - Windows Credential Manager
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Patchwork

Score: 5.34

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Medusa Group

Score: 13.15

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1650 - Acquire Access
T1003.003 - NTDS

MITREへのリンク →

Stealth Falcon

Score: 4.83

Matched TTPs:

T1082 - System Information Discovery
T1555.004 - Windows Credential Manager

MITREへのリンク →

Moonstone Sleet

Score: 4.49

Matched TTPs:

T1082 - System Information Discovery
T1217 - Browser Information Discovery

MITREへのリンク →

Sandworm Team

Score: 5.87

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

Ke3chang

Score: 5.87

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

Threat Group-3390

Score: 5.47

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1588.003 - Code Signing Certificates

MITREへのリンク →

APT28

Score: 17.17

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1546.015 - Component Object Model Hijacking
T1589.001 - Credentials
T1137.002 - Office Test
T1003.003 - NTDS

MITREへのリンク →

BlackTech

Score: 5.47

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1588.003 - Code Signing Certificates

MITREへのリンク →

Sea Turtle

Score: 4.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Fox Kitten

Score: 7.10

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1217 - Browser Information Discovery
T1003.003 - NTDS

MITREへのリンク →

menuPass

Score: 4.66

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

APT29

Score: 4.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Leviathan

Score: 4.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1589.001 - Credentials

MITREへのリンク →

UNC3886

Score: 8.19

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1205.001 - Port Knocking
T1124 - System Time Discovery

MITREへのリンク →

Dragonfly

Score: 4.66

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

Axiom

Score: 6.01

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1001.002 - Steganography

MITREへのリンク →

HAFNIUM

Score: 6.48

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1003.003 - NTDS
T1078.003 - Local Accounts

MITREへのリンク →

Chimera

Score: 12.51

Matched TTPs:

T1217 - Browser Information Discovery
T1588.002 - Tool
T1589.001 - Credentials
T1003.003 - NTDS
T1124 - System Time Discovery

MITREへのリンク →

PROMETHIUM

Score: 6.80

Matched TTPs:

T1205.001 - Port Knocking
T1078.003 - Local Accounts

MITREへのリンク →

DarkVishnya

Score: 5.39

Matched TTPs:

T1588.002 - Tool
T1200 - Hardware Additions

MITREへのリンク →

LAPSUS$

Score: 10.76

Matched TTPs:

T1588.002 - Tool
T1531 - Account Access Removal
T1589.001 - Credentials
T1003.003 - NTDS

MITREへのリンク →

BRONZE BUTLER

Score: 6.73

Matched TTPs:

T1588.002 - Tool
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

FIN6

Score: 5.94

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1003.003 - NTDS

MITREへのリンク →

Cobalt Group

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Akira

Score: 4.13

Matched TTPs:

T1531 - Account Access Removal

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1137.002 - Office Test
T1546.015 - Component Object Model Hijacking
T1190 - Exploit Public-Facing Application
T1589.001 - Credentials
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

OilRig

Score: 0.75

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1588.003 - Code Signing Certificates
T1082 - System Information Discovery
T1137.004 - Outlook Home Page
T1588.002 - Tool
T1555.004 - Windows Credential Manager

MITREへのリンク →

FIN7

Score: 0.68

Matched TTPs:

T1124 - System Time Discovery
T1082 - System Information Discovery
T1497.002 - User Activity Based Checks
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Medusa Group

Score: 0.66

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1003.003 - NTDS
T1588.002 - Tool
T1650 - Acquire Access

MITREへのリンク →

Volt Typhoon

Score: 0.65

Matched TTPs:

T1124 - System Time Discovery
T1217 - Browser Information Discovery
T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application
T1003.003 - NTDS
T1588.002 - Tool

MITREへのリンク →

APT41

Score: 0.62

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1102.001 - Dead Drop Resolver
T1190 - Exploit Public-Facing Application
T1003.003 - NTDS
T1588.002 - Tool

MITREへのリンク →

Kimsuky

Score: 0.60

Matched TTPs:

T1588.003 - Code Signing Certificates
T1082 - System Information Discovery
T1102.001 - Dead Drop Resolver
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Chimera

Score: 0.60

Matched TTPs:

T1124 - System Time Discovery
T1217 - Browser Information Discovery
T1589.001 - Credentials
T1003.003 - NTDS
T1588.002 - Tool

MITREへのリンク →

Wizard Spider

Score: 0.57

Matched TTPs:

T1588.003 - Code Signing Certificates
T1082 - System Information Discovery
T1003.003 - NTDS
T1588.002 - Tool
T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 0.57

Matched TTPs:

T1124 - System Time Discovery
T1082 - System Information Discovery
T1588.002 - Tool
T1078.003 - Local Accounts
T1555.004 - Windows Credential Manager

MITREへのリンク →

Scattered Spider

Score: 0.56

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1217 - Browser Information Discovery
T1003.003 - NTDS
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1588.003 - Code Signing Certificates
T1082 - System Information Discovery
T1027.007 - Dynamic API Resolution
T1003.003 - NTDS
T1588.002 - Tool

MITREへのリンク →

LAPSUS$

Score: 0.55

Matched TTPs:

T1531 - Account Access Removal
T1589.001 - Credentials
T1588.002 - Tool
T1003.003 - NTDS

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る