Ebury (2375465a-e6a9-40ab-b631-a5b04cf5c689)

Ebury is an OpenSSH backdoor and credential stealer, developed by Windigo, that targets Linux servers and container hosts. It is primarily installed by modifying shared libraries (.so files) executed by the legitimate OpenSSH program. First seen in 2009, Ebury has been used to maintain a botnet of servers, deploy additional malware, and steal cryptocurrency wallets, credentials, and credit card details. [ESET Ebury Feb 2014] [BleepingComputer Ebury March 2017] [ESET Ebury Oct 2017] [ESET Ebury May 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Windigo (eeb69751-8c22-4a5f-8da2-239cc7d7746c) | Tidal Groups | Ebury (2375465a-e6a9-40ab-b631-a5b04cf5c689) | Tidal Software | 1 |