Ebury (2375465a-e6a9-40ab-b631-a5b04cf5c689)
Ebury is an OpenSSH backdoor and credential stealer targeting Linux servers and container hosts developed by Windigo. Ebury is primarily installed through modifying shared libraries (.so files) executed by the legitimate OpenSSH program. First seen in 2009, Ebury has been used to maintain a botnet of servers, deploy additional malware, and steal cryptocurrency wallets, credentials, and credit card details.[ESET Ebury Feb 2014][BleepingComputer Ebury March 2017][ESET Ebury Oct 2017][ESET Ebury May 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ebury (2375465a-e6a9-40ab-b631-a5b04cf5c689) | Tidal Software | Windigo (eeb69751-8c22-4a5f-8da2-239cc7d7746c) | Tidal Groups | 1 |