Zebrocy

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Zebrocy](https://attack.mitre.org/software/S0251) is a Trojan that has been used by [APT28](https://attack.mitre.org/groups/G0007) since at least November 2015. The malware comes in several programming language variants, including C++, Delphi, AutoIt, C#, VB.NET, and Golang. (Citation: Palo Alto Sofacy 06-2018)(Citation: Unit42 Cannon Nov 2018)(Citation: Unit42 Sofacy Dec 2018)(Citation: CISA Zebrocy Oct 2020)

Associated Techniques (31)

ID	ATT&CK	Tactics
T1012	Query Registry	-
T1016	System Network Configuration Discovery	-
T1027.002	Software Packing	-
T1033	System Owner/User Discovery	-
T1037.001	Logon Script (Windows)	-
T1041	Exfiltration Over C2 Channel	-
T1047	Windows Management Instrumentation	-
T1049	System Network Connections Discovery	-
T1053.005	Scheduled Task	-
T1056.004	Credential API Hooking	-
T1057	Process Discovery	-
T1059.003	Windows Command Shell	-
T1070.004	File Deletion	-
T1071.001	Web Protocols	-
T1071.003	Mail Protocols	-

Aliases (105)

Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab Zekapab

Used by Actors (1)

APT28
Nation-state

Metadata

ID:	465
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00