Dismiss this notice
WinRAR forever! Father's Day 2019 Giveaway - [Only registered and activated users can see links Click here to register]

Dismiss this notice
SSDkeeper™ Professional Father's Day 2019 Giveaway - [Only registered and activated users can see links Click here to register]

Dismiss this notice
Ashampoo Cinemagraph Father's Day 2019 Giveaway - [Only registered and activated users can see links Click here to register]

Dismiss this notice
Revo Uninstaller Pro 4 Father's Day 2019 Giveaway - [Only registered and activated users can see links Click here to register]


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
A Zebrocy Go Downloader
#1
Information 
[Image: Zeb_payments-1024x157.png]
Quote:Last year at [Only registered and activated users can see links Click here to register] in Cancun, Mexico, “[Only registered and activated users can see links Click here to register]” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this Zebrocy innovation and activity playing out at [Only registered and activated users can see links Click here to register] in Singapore.

Our colleagues at Palo Alto recently posted an [Only registered and activated users can see links Click here to register]. The analysis is good and marked their first detection of a Zebrocy Go variant as October 11, 2018. Because there is much to this cluster, clarifying and adding to the discussion is always productive.

Our original “Zebrocy Innovates – Layered Spearphishing Attachments and Go Downloaders” June 2018 writeup documents the very same downloader, putting the initial deployment of Zebrocy Go downloader activity at May 10, 2018. And while the targeting in the May event was most likely different from the October event, we documented this same Go downloader and same C2 was used to target a Kyrgyzstan organization. Also interesting is that the exact same system was a previous Zebrocy target earlier in 2018. So, knowing that this same activity is being reported on as “new” six months later tells us a bit about the willingness of this group to re-use rare components and infrastructure across different targets.
Full reading: [Only registered and activated users can see links Click here to register]
[-] The following 1 user Likes harlan4096's post:
  • silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
Skype 8.48.0.51
Skype 8.48.0.51: ...harlan4096 — 15:59
Google Allows G Suite Users to Log In Wi...
Google on Tuesday an...silversurfer — 15:08
EA Games Login Flaw Exposed Accounts of ...
Researchers have dis...silversurfer — 15:03
Windows 10 Bug Makes the Shutdown Proces...
A bug in Windows 10 ...silversurfer — 12:17
[Giveaway] MOVIEJACK
MOVIEJACK 4.0.7026 ...ismail — 12:15

[-]
Birthdays
Today's Birthdays
avatar (32)Tedscolo
avatar (39)brakasig
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>