0 attributed CVEs
7 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
— years active
About this actor
The [Windigo](https://attack.mitre.org/groups/G0124) group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the [Ebury](https://attack.mitre.org/software/S0377) SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, [Windigo](https://attack.mitre.org/groups/G0124) operators continued updating [Ebury](https://attack.mitre.org/software/S0377) through 2019. (Citation: ESET Windigo Mar 2014) (Citation: CERN Windigo June 2019)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-3 | 4 / 7 | 57% |
| SI-4 | 4 / 7 | 57% |
| AC-3 | 3 / 7 | 43% |
| AC-6 | 3 / 7 | 43% |
| CA-7 | 3 / 7 | 43% |
| CM-2 | 3 / 7 | 43% |
| CM-6 | 3 / 7 | 43% |
| AC-2 | 2 / 7 | 29% |
| AC-4 | 2 / 7 | 29% |
| CM-7 | 2 / 7 | 29% |
| CM-8 | 2 / 7 | 29% |
| SC-18 | 2 / 7 | 29% |
| SC-7 | 2 / 7 | 29% |
| SI-10 | 2 / 7 | 29% |
| SI-2 | 2 / 7 | 29% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Dark Caracal 0.18
- Sowbug 0.18
- Inception 0.17
- Windshift 0.15
- FLORAHOX Activity 0.14