test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/intrusion-set
/intrusion-set--4e868dad-682d-4897-b8df-2dc98f46c68a.json
{ | |
"type": "bundle", | |
"id": "bundle--512f7360-3e9f-41ca-878f-d813af97ea7e", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"aliases": [ | |
"Windigo" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"id": "intrusion-set--4e868dad-682d-4897-b8df-2dc98f46c68a", | |
"type": "intrusion-set", | |
"created": "2021-02-10T19:57:38.042Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"external_references": [ | |
{ | |
"external_id": "G0124", | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0124" | |
}, | |
{ | |
"source_name": "ESET Windigo Mar 2014", | |
"url": "https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/", | |
"description": "Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., L\u00e9veill\u00e9, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo \u2013 the vivisection of a large Linux server\u2011side credential\u2011stealing malware campaign. Retrieved February 10, 2021." | |
}, | |
{ | |
"source_name": "CERN Windigo June 2019", | |
"url": "https://security.web.cern.ch/advisories/windigo/windigo.shtml", | |
"description": "CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021." | |
} | |
], | |
"modified": "2021-04-26T22:32:57.046Z", | |
"name": "Windigo", | |
"description": "The [Windigo](https://attack.mitre.org/groups/G0124) group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the [Ebury](https://attack.mitre.org/software/S0377) SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, [Windigo](https://attack.mitre.org/groups/G0124) operators continued updating [Ebury](https://attack.mitre.org/software/S0377) through 2019.(Citation: ESET Windigo Mar 2014)(Citation: CERN Windigo June 2019)", | |
"x_mitre_version": "1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |