Glupteba is no longer part of Windigo
released on 2018-03-22 @ 04:01:59 PM
Our recent research on Linux/Ebury, the core component of Operation Windigo, led us to look at other components in Windigo’s ecosystem to see if they are still active and part of the same operation. During this process, we took a look at Win32/Glupteba, an open proxy previously distributed by exploit kits deployed as part of Operation Windigo. The result of our latest analysis strongly suggests that Glupteba is no longer tied to Operation Windigo.