Windigo

Techniques (MITRE ATT&CK)7

SourceMITRE ATT&CK

Vexday analysis

Ativo desde pelo menos 2011, o Windigo é um grupo APT (identificador MITRE ATT&CK G0124) conhecido por comprometer milhares de servidores Linux e Unix por meio do backdoor SSH Ebury, utilizado para construir uma botnet de envio de spam. Mesmo após intervenção policial contra os criadores, os operadores do grupo continuaram atualizando o Ebury até 2019. O perfil técnico do grupo abrange 7 técnicas documentadas no framework MITRE ATT&CK.

Techniques (MITRE ATT&CK) 7

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Initial access

Drive-by Compromise

Execution

Command and Scripting Interpreter

Discovery

System Information Discovery File and Directory Discovery Software Discovery

Collection

Data from Local System

Command and control

Proxy

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Windigo uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →