A Zebrocy Go Downloader
[Image: Zeb_payments-1024x157.png]
Quote:
Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this Zebrocy innovation and activity playing out at SAS 2019 in Singapore.

Our colleagues at Palo Alto recently posted an analysis of Zebrocy malware. The analysis is good and marked their first detection of a Zebrocy Go variant as October 11, 2018. Because there is much to this cluster, clarifying and adding to the discussion is always productive.

Our original “Zebrocy Innovates – Layered Spearphishing Attachments and Go Downloaders” June 2018 writeup documents the very same downloader, putting the initial deployment of Zebrocy Go downloader activity at May 10, 2018. And while the targeting in the May event was most likely different from the October event, we documented that this same Go downloader and the same C2 were used to target a Kyrgyzstan organization. Also interesting is that the exact same system was a previous Zebrocy target earlier in 2018. So, knowing that this same activity is being reported on as “new” six months later tells us a bit about the willingness of this group to re-use rare components and infrastructure across different targets.
Full reading: https://securelist.com/a-zebrocy-go-downloader/89419/