Trusted Design

Windigo Still not Windigone: An Ebury Update

概要

Back in February 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. Further research showed that this component was the core of an operation involving multiple malware families we called “Operation Windigo”. This led to the publication of a whitepaper covering the full operation. In February 2017, we found a new Ebury sample, that introduces a significant number of new features. The version number was bumped to 1.6.2a. At the time of that discovery, the latest versions we had seen were 1.5.x, months before. After further investigation, we realized that its infrastructure for exfiltrating credentials was still operational and that Ebury was still being actively used by the Windigo gang.

Created: 2026-02-23

Indicators

類似Pulses

BlackEnergy by the SSHBearDoor (score: 0.60)
StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved? (score: 0.59)
20160119: Ukraine Power Industry Cyberattacks (score: 0.56)
Duke APT group's latest tools: cloud services and Linux support (score: 0.55)
Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 12.44

Matched TTPs:

T1560.003 - Archive via Custom Method
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1008 - Fallback Channels

MITREへのリンク →

Scattered Spider

Score: 10.97

Matched TTPs:

T1560.003 - Archive via Custom Method
T1120 - Peripheral Device Discovery
T1491 - Defacement
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation

MITREへのリンク →

TA505

Score: 4.13

Matched TTPs:

T1560.003 - Archive via Custom Method
T1199 - Trusted Relationship

MITREへのリンク →

Volt Typhoon

Score: 13.82

Matched TTPs:

T1560.003 - Archive via Custom Method
T1140 - Deobfuscate/Decode Files or Information
T1491 - Defacement
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1578.001 - Create Snapshot

MITREへのリンク →

APT3

Score: 4.49

Matched TTPs:

T1560.003 - Archive via Custom Method
T1120 - Peripheral Device Discovery

MITREへのリンク →

FIN13

Score: 9.15

Matched TTPs:

T1560.003 - Archive via Custom Method
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation

MITREへのリンク →

OilRig

Score: 16.11

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1592.002 - Software
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery

MITREへのリンク →

ZIRCONIUM

Score: 3.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1578.001 - Create Snapshot

MITREへのリンク →

Blue Mockingbird

Score: 3.52

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Darkhotel

Score: 7.93

Matched TTPs:

T1120 - Peripheral Device Discovery
T1564.002 - Hidden Users
T1578.001 - Create Snapshot

MITREへのリンク →

TA2541

Score: 4.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Rocke

Score: 5.96

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1008 - Fallback Channels

MITREへのリンク →

APT32

Score: 4.72

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Lazarus Group

Score: 8.78

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot

MITREへのリンク →

Moses Staff

Score: 3.52

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Higaisa

Score: 3.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1578.001 - Create Snapshot

MITREへのリンク →

CURIUM

Score: 3.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1578.001 - Create Snapshot

MITREへのリンク →

RedCurl

Score: 3.95

Matched TTPs:

T1120 - Peripheral Device Discovery
T1128 - Netsh Helper DLL

MITREへのリンク →

APT38

Score: 5.34

Matched TTPs:

T1120 - Peripheral Device Discovery
T1491 - Defacement
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 11.68

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation

MITREへのリンク →

FIN7

Score: 12.92

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1564.002 - Hidden Users
T1199 - Trusted Relationship
T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

Kimsuky

Score: 12.63

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1008 - Fallback Channels
T1490 - Inhibit System Recovery

MITREへのリンク →

MuddyWater

Score: 3.52

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Sidewinder

Score: 3.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1578.001 - Create Snapshot

MITREへのリンク →

Magic Hound

Score: 6.96

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1592.003 - Firmware

MITREへのリンク →

Play

Score: 6.19

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

APT42

Score: 4.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

FIN8

Score: 7.95

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1526 - Cloud Service Discovery

MITREへのリンク →

Tropic Trooper

Score: 6.62

Matched TTPs:

T1120 - Peripheral Device Discovery
T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

Mustard Tempest

Score: 5.74

Matched TTPs:

T1120 - Peripheral Device Discovery
T1543.002 - Systemd Service

MITREへのリンク →

Wizard Spider

Score: 11.17

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery
T1548.006 - TCC Manipulation

MITREへのリンク →

Turla

Score: 10.93

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1556.009 - Conditional Access Policies
T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

Patchwork

Score: 5.34

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1008 - Fallback Channels

MITREへのリンク →

Medusa Group

Score: 13.15

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1598 - Phishing for Information
T1548.006 - TCC Manipulation

MITREへのリンク →

Stealth Falcon

Score: 4.83

Matched TTPs:

T1120 - Peripheral Device Discovery
T1556.009 - Conditional Access Policies

MITREへのリンク →

Moonstone Sleet

Score: 4.49

Matched TTPs:

T1120 - Peripheral Device Discovery
T1491 - Defacement

MITREへのリンク →

Sandworm Team

Score: 5.87

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation

MITREへのリンク →

Ke3chang

Score: 5.87

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation

MITREへのリンク →

Threat Group-3390

Score: 5.47

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

APT28

Score: 17.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.004 - Elevated Execution with Prompt
T1592.003 - Firmware
T1588.003 - Code Signing Certificates
T1548.006 - TCC Manipulation

MITREへのリンク →

BlackTech

Score: 5.47

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

Sea Turtle

Score: 4.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Fox Kitten

Score: 7.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1491 - Defacement
T1548.006 - TCC Manipulation

MITREへのリンク →

menuPass

Score: 4.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation

MITREへのリンク →

APT29

Score: 4.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Leviathan

Score: 4.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1592.003 - Firmware

MITREへのリンク →

UNC3886

Score: 8.19

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.015 - Login Items
T1578.001 - Create Snapshot

MITREへのリンク →

Dragonfly

Score: 4.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation

MITREへのリンク →

Axiom

Score: 6.01

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1160 - Launch Daemon

MITREへのリンク →

HAFNIUM

Score: 6.48

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1548.006 - TCC Manipulation
T1490 - Inhibit System Recovery

MITREへのリンク →

Chimera

Score: 12.51

Matched TTPs:

T1491 - Defacement
T1199 - Trusted Relationship
T1592.003 - Firmware
T1548.006 - TCC Manipulation
T1578.001 - Create Snapshot

MITREへのリンク →

PROMETHIUM

Score: 6.80

Matched TTPs:

T1547.015 - Login Items
T1490 - Inhibit System Recovery

MITREへのリンク →

DarkVishnya

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1213.003 - Code Repositories

MITREへのリンク →

LAPSUS$

Score: 10.76

Matched TTPs:

T1199 - Trusted Relationship
T1601 - Modify System Image
T1592.003 - Firmware
T1548.006 - TCC Manipulation

MITREへのリンク →

BRONZE BUTLER

Score: 6.73

Matched TTPs:

T1199 - Trusted Relationship
T1578.001 - Create Snapshot
T1008 - Fallback Channels

MITREへのリンク →

FIN6

Score: 5.94

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1548.006 - TCC Manipulation

MITREへのリンク →

Cobalt Group

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Akira

Score: 4.13

Matched TTPs:

T1601 - Modify System Image

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82

Matched TTPs:

T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1592.003 - Firmware
T1548.004 - Elevated Execution with Prompt
T1588.003 - Code Signing Certificates

MITREへのリンク →

OilRig

Score: 0.75

Matched TTPs:

T1199 - Trusted Relationship
T1592.002 - Software
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1120 - Peripheral Device Discovery
T1526 - Cloud Service Discovery

MITREへのリンク →

FIN7

Score: 0.68

Matched TTPs:

T1199 - Trusted Relationship
T1140 - Deobfuscate/Decode Files or Information
T1564.002 - Hidden Users
T1490 - Inhibit System Recovery
T1578.001 - Create Snapshot
T1120 - Peripheral Device Discovery

MITREへのリンク →

Medusa Group

Score: 0.66

Matched TTPs:

T1598 - Phishing for Information
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1128 - Netsh Helper DLL
T1120 - Peripheral Device Discovery

MITREへのリンク →

Volt Typhoon

Score: 0.65

Matched TTPs:

T1491 - Defacement
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1578.001 - Create Snapshot
T1560.003 - Archive via Custom Method

MITREへのリンク →

APT41

Score: 0.62

Matched TTPs:

T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1008 - Fallback Channels
T1120 - Peripheral Device Discovery
T1560.003 - Archive via Custom Method

MITREへのリンク →

Kimsuky

Score: 0.60

Matched TTPs:

T1199 - Trusted Relationship
T1140 - Deobfuscate/Decode Files or Information
T1008 - Fallback Channels
T1490 - Inhibit System Recovery
T1120 - Peripheral Device Discovery
T1526 - Cloud Service Discovery

MITREへのリンク →

Chimera

Score: 0.60

Matched TTPs:

T1491 - Defacement
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1592.003 - Firmware
T1578.001 - Create Snapshot

MITREへのリンク →

Wizard Spider

Score: 0.57

Matched TTPs:

T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1556.009 - Conditional Access Policies
T1120 - Peripheral Device Discovery
T1526 - Cloud Service Discovery

MITREへのリンク →

Turla

Score: 0.57

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery
T1578.001 - Create Snapshot
T1556.009 - Conditional Access Policies
T1120 - Peripheral Device Discovery

MITREへのリンク →

Scattered Spider

Score: 0.56

Matched TTPs:

T1491 - Defacement
T1199 - Trusted Relationship
T1548.006 - TCC Manipulation
T1120 - Peripheral Device Discovery
T1560.003 - Archive via Custom Method

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1199 - Trusted Relationship
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation
T1120 - Peripheral Device Discovery
T1526 - Cloud Service Discovery

MITREへのリンク →

LAPSUS$

Score: 0.55

Matched TTPs:

T1548.006 - TCC Manipulation
T1199 - Trusted Relationship
T1592.003 - Firmware
T1601 - Modify System Image

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る