Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant

 

December 18th 2018, By Tara Seals

 

The group continues to evolve its custom malware in an effort to evade detection.

 

The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it is functionally much the same as the other versions, the new code was written using the Go programming language.

 

The similarities between the new payload and previous Zebrocy variants start with a shared command-and-control (C2) URL, according to an analysis from Palo Alto’s Unit 42 group. Beyond that, the new variant also performs initial data collection on the compromised system, exfiltrates this information to the C2 server, and attempts to download, install and execute an additional payload from the C2.

 
