ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Zebrocy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Zebrocy

NamesZebrocy
Zekapab
CategoryMalware
TypeBackdoor, Info stealer, Exfiltration, Tunneling
DescriptionZebrocy is a Trojan that has been used by APT28 since at least November 2015. The malware comes in several programming language variants, including C++, Delphi, AutoIt, C#, and VB.NET.
Information<https://unit42.paloaltonetworks.com/sofacy-creates-new-go-variant-of-zebrocy-tool/>
<https://www.accenture.com/us-en/blogs/blogs-snakemackerel-delivers-zekapab-malware>
<https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/>
<https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/>
<https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/>
<https://securelist.com/greyenergys-overlap-with-zebrocy/89506/>
<https://www.vkremez.com/2018/12/lets-learn-dissecting-apt28sofacy.html>
<https://www.vkremez.com/2018/12/lets-learn-reviewing-sofacys-zebrocy-c.html>
<https://securelist.com/a-zebrocy-go-downloader/89419/>
<https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b>
<https://labs.sentinelone.com/a-deep-dive-into-zebrocys-dropper-docs/>
MITRE ATT&CK<https://attack.mitre.org/software/S0251/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.zebrocy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.zebrocy_au3>

Last change to this tool card: 21 April 2021

Download this tool card in JSON format

All groups using tool Zebrocy

ChangedNameCountryObserved

APT groups

 Sofacy, APT 28, Fancy Bear, SednitRussia2004-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]