:: [devuan-dev] bug#858: bug#858: Dete…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAlter Kim at <-
 
Delete this message
Reply to this message
Author: tempforever
Date:  
To: 858
Subject: [devuan-dev] bug#858: bug#858: Detection of ebury malware in debuan system
FYI the "ssh -G" is listed on this page
https://github.com/eset/malware-ioc/tree/master/windigo

The section is "Linux/Ebury v1.4 and earlier" with a couple of notices. 
One notice is that Ebury v1.4 is no longer deployed and most of the
indicators below no longer work.  Another notice is that this technique
only works with OpenSSH 6.7 or earlier.  OpenSSH 6.8 adds a legitimate
usage for the -G flag.  This is even shown in the first line of the output:
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
There are other detection methods listed for newer versions of OpenSSH.
This message was posted to the following mailing lists:
devuan-dev
Mailing List Info | Nearby Messages		<-[devuan-dev] bug#858: marked as done (Detection of ebury malware in debuan system)Re: [devuan-dev] Devuan meet 2024-09-05 @20:30 UTC->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)