The Zebrocy/Zepakab AutoIt downloader implants are simple and reminiscent of the other versions coded in Golang, C++, and Delphi. The malware downloaders are simple AutoIt compiled scripts with added icons and are occasionally packed with UPX. APT28 is also known as Sofacy, Fancy Bear, STRONTIUM, Pawn Storm, and Sednit. Here, I decided to recover and dissect its AutoIt scripts from its executable. The APT28 group continues to develop and leverage Zebrocy/Zepakab downloader implants.

- Zebrocy/Zepakab Downloader Implant (32-Bit x86 Compiled) "parsestring()" and "parsefile()" Functions
- Zebrocy/Zepakab Downloader Implant (32-Bit x64 Compiled)
- Zebrocy/Zepakab Downloader Implant (32-Bit x64 Compiled)
- Zebrocy/Zepakab Downloader Implant (32-Bit x86 Compiled)
- Zebrocy/Zepakab Downloader Implant (32-Bit x86 Compiled)
- APT28 Zebrocy/Zepakab AutoIt Script Extraction
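A triage check for the two traits described above (AutoIt-compiled, occasionally UPX-packed), as an added example that is not code from the original post. It assumes the `AU3!EA06` compiled-script marker and UPX's default section names `UPX0`/`UPX1`, neither of which appears on the page; `fake_pe` builds constructed header-only samples.

```python
import struct

# Markers assumed by this example (not given on the page):
AUTOIT_MAGIC = b"AU3!EA06"          # header of the embedded compiled AutoIt script
UPX_SECTIONS = {b"UPX0", b"UPX1"}   # default section names written by UPX

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        return []
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for off in range(table, table + 40 * nsec, 40):
        if off + 40 > len(data):              # truncated table: stop, do not guess
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names

def triage(data: bytes) -> dict:
    """Flag the two traits the article names: AutoIt-compiled and UPX-packed."""
    sections = pe_section_names(data)
    upx = bool(UPX_SECTIONS & set(sections))
    autoit = AUTOIT_MAGIC in data
    if autoit:
        step = "extract the embedded script"
    elif upx:
        # A packed file can hide the marker until it is unpacked.
        step = "unpack first, then re-check for the AutoIt marker"
    else:
        step = "no AutoIt marker found"
    return {"pe": bool(sections), "upx": upx, "autoit": autoit, "next": step}

def fake_pe(section_names, payload=b"") -> bytes:
    """Constructed sample: DOS header, COFF header and section table only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + table + payload

if __name__ == "__main__":
    for name, blob in [("plain", fake_pe([b".text", b".rsrc"])),
                       ("autoit", fake_pe([b".text", b".rsrc"], b"\0" * 8 + AUTOIT_MAGIC)),
                       ("upx", fake_pe([b"UPX0", b"UPX1", b".rsrc"]))]:
        print(name, triage(blob))
```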