Windigo

Last updated 10 months ago

The group has been operating since at least 2011, compromising thousands of Linux and Unix servers with the Ebury SSH backdoor and using them to build a spam-sending botnet. Despite law enforcement action against the creators, the operators continued to update the malware through 2019.
