Get a Demo
Login
Get a Demo
Login
zebrocy malware explained by brandefense

Zebrocy Malware Technical Analysis Report

What You Will Find In This Report?

Learn Technical Method of Operation Details

The technical details of the Zebrocy Malware and their abilities, infection methodologies, and more. The report will show many points about the Zebrocy's technical details, detections, and IoCs.

Gain Knowledge About Future Attacks

By understanding its attack model, you can make more informed predictions about the future of cybersecurity. Stay up-to-date with the latest trends and keep your business from potential threats.


Response & Mitigation Tactics From Experts

You can reach the exclusive details to produce proactive solutions. The malware has been increasingly active and sophisticated in recent years, making it more difficult for companies to protect themselves.

A Free Guide To CTOs SOC Teams CTI Analysts

First Time on Brandefense

What Our Customers Said About Us

Our Reputation, in Their Words – Read Our Customer Reviews

... with its user-friendly interface and comprehensive features, it is a platform that every institution that wants to protect itself from cyber threats can prefer. ...

Cyber Security Specialist

Customer support is really succesful for this service, they reply my messages quickly and help with the problems when i stuck with something.

Cyber Security Consultant

Comparing to other alike services, Brandefense is the best service that combines every feature that you may need for your environment.

Senior Red Team Expert

Brandefence product is highly useful and well-controlled, with a dedicated and innovative team. They monitor security log, investigate security incidents, and provide recommendations for improving security measures.

IT Manager
by
zebrocy malware explained by brandefense

[vc_row pix_particles_check=”” nav_skin=”light” consent_include=”include”][vc_column][vc_column_text]

This blog post comes from the “Zebrocy Technical Analysis Report” by the Brandefense CTI Analyst Team. For more details about the analysis, download the report.

Execution Summary

In this report prepared by the Brandefense cyber intelligence team, we analyzed malware toolkits belonging to an advanced cyber threat group, Sofacy (other security providers have called it APT28, Fancy Bear, STRONTIUM, Pawn Storm, and Sednit). In the report, malicious software sets belonging to the Sofacy group were shared in more than one version.

You should not be considered these antimalware precautions unique to only Zebrocy and any other malware toolkit. The behavior of groups with a high threat profile, such as Sofacy, must be understood. The techniques we have described explain what they need to do if one becomes the target of a future offensive campaign.

We consider that the report’s attack methods and malware investigations should create cyber security awareness. In addition, TTP findings used by threat actors will contribute by feeding cybersecurity teams.[/vc_column_text][pix_button btn_text=”Download the Zebrocy Technical Analysis Report” btn_target=”true” btn_size=”md” btn_effect=”” btn_hover_effect=”” btn_add_hover_effect=”” btn_div=”text-center” btn_link=”https://brandefense.io/research-zebrocy-malware-technical-analysis-report/”][vc_empty_space][vc_column_text]

General Description & Motivation

Zebrocy is malware that falls into the Trojan category, which the threat actor group APT28/Sofacy has used since 2015. Zebrocy malware consists of 3 main components; Backdoor, Downloader, and Dropper. The Downloader and Dropper take responsibility for discovery processes and downloading the main malware on the systems. At the same time, Backdoor undertakes the duties such as persistence in the system, espionage, and data extraction.

This malware, which is not considered new, has variants in many languages from the past to the present. These include programming languages such as Delphi, C#, Visual C++, VB.net, and Golang. Furthermore, we know advanced threat actors and groups revise their malicious software among their toolkits at certain time intervals using different languages and technologies.

It includes many social engineering techniques that direct its victims to open the attached files with a thematic fake mail trending at the malware distribution point.

The sectors targeted by the malware are as follows;

  • Ministries of Energy and Industry
  • Science and Engineering Centers
  • Ministry of Foreign Affairs
  • National Security and Intelligence Agencies
  • Press Services
  • Embassies and Consulates

The threat group’s focus is espionage activities aimed at critical and strategic points of states and organizations. These targets are located in countries in the Middle East, Europe, and North America.

Once the Zebrocy malware had infiltrated the target system, it first has initiated the discovery phase. Then, it starts some actions within the system within the framework of specific rules with metadata of the compromised system and a screenshot.

After the discovery phase, it transmits the files listed below to the command and control server to extract data.

Related file extensions:

  • .doc, .docx
  • .xls, .xlsx
  • .ppt, .pptx
  • .exe
  • .zip, .rar

We could make a general definition: The Zebrocy malware serves as a targetoriented attack campaign and contains the functions necessary for espionage activities. Furthermore, it is thought that malware is in a structure that is updated periodically and is structured to increase its capabilities with the addition of new modules to the malware.

This blog post comes from the “Zebrocy Malware Technical Analysis Report” by the Brandefense CTI Analyst Team. For more details about the analysis, download the report.

[/vc_column_text][vc_empty_space height=”10px”][vc_single_image image=”16379″ img_size=”full” add_caption=”yes” alignment=”center”][vc_empty_space height=”10px”][pix_button btn_text=”Download the IoCs and YARA Rules” btn_target=”true” btn_size=”md” btn_effect=”” btn_hover_effect=”” btn_add_hover_effect=”” btn_div=”text-center” btn_link=”https://github.com/BRANDEFENSE/IoC”][vc_empty_space][/vc_column][/vc_row]

top
Find a Partner
Channel Partners
Visit our partner finder to locate a partner in your region.
Not a Partner?
Become A Partner
Join our partner program for mutual growth and success.
Already a Partner?
Partner Portal Login
Enjoy the benefits of our strong and straightforward collaboration.
The Bridge Partner Program

Explore the guide that is designed to provide you with an overview of our partner program.

Download Now
Resources Types
Blog
Stay Secure with Expert Insights
Customer Stories
Success in Cybersecurity Stories
Datasheets
Information on Brandefense Offerings and More
e-Books
High-impact Cybersecurity Guides
Events
Connect for Information and Cybersecurity
Glossary
Demystify Cyber Jargon with Information
Threat Intelligence Researches
Empowering Defense with Threat Information
Reports
In-Depth Information for Cybersecurity
Security News
News and Information for Unbreakable Security
Infographics
Visualize Cyber Information Easily
Whitepapers
Cybersecurity Insight and Technical Knowledge
Explore Our Ransomware Threats Report

Our quarterly insights for strategic security perspectives.

Download Now
Platform Overview
Explore our DRPS platform, delivering Brandefense products and integrating with a range of leading security operations technology.
Learn More
Digital Risk Protection Services
Platform Overview
Comprehensive Cybersecurity Solution in One
Brand Protection
Defending Your Brand in Cyberspace
Exposure Management
Efficient Vulnerability Management
Cyber Threat Intelligence
Actionable Insights for Proactive Defense
Supply Chain Security
Securing End-to-End Digital Dependencies
Integrations
Technology Integrations
Discover innovative solutions and integrative platforms to connect and streamline your digital ecosystem
Speak with an Expert
Talk to our experts to understand our product better. They'll help you tailor it to your needs.
Get A Demo Today

CONTACT US

We’re here to help you with any questions or cyber security needs you may have! Our Team of experts is available around the clock and ready to asist. You can  choose from the contact options below or simply fill out the form to get in touch with us. Dont hesitate to reach out – we’re always happy to chat!

Contact Brandefense
Company Overview
About Us
Learn more about Brandefense cybersecurity approach.
Careers
Your Gateway to a Fullfilling and Successful Career Journey
News
Actionable Insight for Proactive Defense
Awards
Discover Brandefense's awards
Logos & Press Kit
Ensure brand consistency with Brandefense's logo guidelines
Speak with an Expert
Talk to our experts to understand our product better. They'll help you tailor it to your needs.
Get A Demo Today
Solutions
Threat Intelligence Services
Predict Future Threats and Block Them Before an Attack
Brand Monitoring
Protect your brand in cyber space against digital threats and cybercriminals
Fraud Protection
Cutting edge TTP Feed with a large cyber crime database
VIP Security
Unmatched Security: Safeguarding the Guardians
Vulnerability Intelligence
Navigating Threats with Precision Intelligence
Attack Surface Management
Strengthening Defenses, Redefining Security Perimeters
By Use Case
Preventing Data Leakage
Minimize potential risks before an attack by adversaries occurs
Phishing Monitoring
Proactive Defense Against Phishing Threats
Account Takeover Detection
Detect hacked computers with Brandefense's knowledge
Stolen Credit Cards
Defending Against Credit Card Theft
Dark Web Monitoring
Safeguarding Against Dark Web Intrigues
Remediation and Takedown
Contextualized evidence helps organizations understand and prevent threats
Speak with an Expert​
Talk to our experts to understand our product better. They'll help you tailor it to your needs.
Get A Demo Today
Search