Ebury (2375465a-e6a9-40ab-b631-a5b04cf5c689)
Ebury is an SSH backdoor targeting Linux operating systems. Attackers require root-level access, which allows them to replace SSH binaries (ssh, sshd, ssh-add, etc) or modify a shared library used by OpenSSH (libkeyutils).[ESET Ebury Feb 2014][BleepingComputer Ebury March 2017][ESET Ebury Oct 2017]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Windigo (eeb69751-8c22-4a5f-8da2-239cc7d7746c) | Tidal Groups | Ebury (2375465a-e6a9-40ab-b631-a5b04cf5c689) | Tidal Software | 1 |