Zebrocy

Zebrocy is a Trojan used by APT28. It was observed in attacks in early 2018. Zebrocy comes in several programming language variants, including C++, Delphi, and AutoIt. [1]

ID: S0251
Aliases: Zebrocy
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
|------|-------------|
| Zebrocy | [1] |

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Enterprise | T1094 | Custom Command and Control Protocol | Zebrocy uses raw sockets to communicate with its C2 server.[1] |
| Enterprise | T1105 | Remote File Copy | Zebrocy obtains additional code to execute on the victim's machine.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | After using raw sockets to communicate with its C2 server, Zebrocy uses a decrypted string to create HTTP POST requests.[1] |
| Enterprise | T1082 | System Information Discovery | Zebrocy collects the computer name and serial number for the storage volume C:\.[1] |

Groups

Groups that use this software:

APT28

References