S0251 Zebrocy


Description

[Zebrocy](https://attack.mitre.org/software/S0251) is a Trojan that has been used by [APT28](https://attack.mitre.org/groups/G0007) since at least November 2015. The malware comes in several programming language variants, including C++, Delphi, AutoIt, C#, VB.NET, and Golang. (Citation: Palo Alto Sofacy 06-2018)(Citation: Unit42 Cannon Nov 2018)(Citation: Unit42 Sofacy Dec 2018)(Citation: CISA Zebrocy Oct 2020)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | APT28 (g0007) | 100% | live |

References

  1. https://attack.mitre.org/software/S0251
  2. https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
  3. https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/
  4. https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/
  5. https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b
  6. https://www.cyberscoop.com/apt28-brexit-phishing-accenture/
  7. https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: ZeroT
  - Software: Sibot
  - Software: Cannon
  - Software: Octopus
  - Software: CozyCar
  - Software: ZxxZ

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.