
S0377 Ebury

Platforms: 1 | ATT&CK: 14.1 | References: 4

Description

[Ebury](https://attack.mitre.org/software/S0377) is an SSH backdoor targeting Linux operating systems. Attackers require root-level access, which allows them to replace SSH binaries (ssh, sshd, ssh-add, etc.) or modify a shared library used by OpenSSH (libkeyutils). (Citation: ESET Ebury Feb 2014) (Citation: BleepingComputer Ebury March 2017) (Citation: ESET Ebury Oct 2017)

Platforms· 1

Linux

References

  1. https://attack.mitre.org/software/S0377
  2. https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
  3. https://www.bleepingcomputer.com/news/security/russian-hacker-pleads-guilty-for-role-in-infamous-linux-ebury-malware/
  4. https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software: SSHDoor
Group: Windigo
Software: EBBISLAND (EBBSHAVE)
Software: Kessel
Software: Kobalos
Software: Turian

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.