Ebury

Malware Profile Updated a month ago
Download STIX
Preview STIX
Ebury is a sophisticated malware that has been causing havoc in the cyber world for over 15 years, with its main target being Linux servers. The first significant investigation into Ebury was conducted by ESET in 2014, revealing it as a key component of Operation Windigo. Ten years later, this threat remains potent, having compromised nearly 400,000 servers since 2009. The malware's reach has expanded beyond disruption and data theft to include financial exploitation through credit card and cryptocurrency theft. The Ebury botnet has evolved significantly over time, adding new features and expanding its toolkit for monetization. Despite infecting around 25,000 servers initially, recent findings suggest that the malware has developed advanced functionalities focusing on financial gain. If system administrators sanitize their infected servers, there's a risk that the cybercriminals behind Ebury could reinstall the malware if compromised credentials are reused. In response to the persistent threat, ESET released detection and remediation tools to help system administrators identify and deal with Ebury compromises. The Dutch National High Tech Crime Unit (NHTCU) discovered Ebury on a victim's server during a cryptocurrency theft investigation in 2021. This led to increased scrutiny of the malware and its operators. In 2015, one of the key individuals behind Ebury, Russian citizen Maxim Senak, was arrested at the Finland-Russia border and extradited to the US. Since then, remaining Ebury masterminds have maintained a low profile, but the malware continues to pose a substantial threat.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Windigo
3
Windigo is a threat actor known for its malicious campaign, Operation Windigo, which was first brought to light in a white paper published by ESET in 2014. This operation involved the use of multiple malware families, with the Ebury malware family at its core. The campaign leveraged Linux malware fo
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Linux
Malware
Backdoor
Openssh
Spam
Eset
Rootkit
AITM
Payload
Proxy
Bitcoin
Scams
Zero Day
At
Centos
SSH
Ubuntu
Debian
Trojan
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Ebury EburyUnspecified
1
None
Source Document References
Information about the Ebury Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
ESET
a month ago
ESET Threat Report H1 2024
Securityaffairs
2 months ago
Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION
ESET
2 months ago
The who, where, and how of APT attacks – Week in security with Tony Anscombe
DARKReading
2 months ago
400K Linux Servers Recruited by Resurrected Ebury Botnet
ESET
2 months ago
Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain
InfoSecurity-magazine
2 months ago
Ebury Botnet Operators Diversify with Financial and Crypto Theft
MITRE
a year ago
CERN Computer Security Information
MITRE
a year ago
An In‑depth Analysis of Linux/Ebury | WeLiveSecurity
MITRE
a year ago
Windigo Still not Windigone: An Ebury Update | WeLiveSecurity
MITRE
a year ago
Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware