|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
data exfiltration
command and control communication
system reconnaissance
downloading additional payloads
|
|
gptkbp:alsoKnownAs
|
gptkb:Zebrocy
Zebrocy Trojan
|
|
gptkbp:associatedWith
|
gptkb:APT28
gptkb:Fancy_Bear
|
|
gptkbp:deliveredBy
|
phishing emails
malicious attachments
|
|
gptkbp:firstObserved
|
2015
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Zebrocy malware family
|
|
gptkbp:mitreAttackId
|
S0081
S0251
|
|
gptkbp:notableVariant
|
Zebrocy AutoIt
Zebrocy C#
Zebrocy Delphi
Zebrocy Go
|
|
gptkbp:observedBy
|
gptkb:Palo_Alto_Networks
gptkb:ESET
gptkb:Kaspersky_Lab
gptkb:MITRE_ATT&CK
Unit 42
|
|
gptkbp:platform
|
gptkb:Windows
gptkb:macOS
gptkb:Linux
|
|
gptkbp:programmingLanguage
|
gptkb:Delphi
gptkb:AutoIt
gptkb:Go
gptkb:C#
|
|
gptkbp:relatedTo
|
gptkb:Sofacy_Group
gptkb:APT28
|
|
gptkbp:target
|
gptkb:Central_Asia
gptkb:Eastern_Europe
government organizations
military organizations
diplomatic organizations
|
|
gptkbp:technique
|
custom backdoors
malicious attachments
spear phishing
obfuscation
living off the land binaries
multi-stage infection chain
|
|
gptkbp:usedBy
|
Russian cyber espionage groups
|
|
gptkbp:usesMalware
|
backdoor
trojan
downloader
|
|
gptkbp:bfsParent
|
gptkb:SofacyZebrocy
|
|
gptkbp:bfsLayer
|
7
|