Zebrocy’s Multi-Language Malware Salad

Explore the intricacies of Zebrocy, a unique APT group, in this 25-minute conference talk by Kurt Baumgartner, principal security researcher at Kaspersky's Global Research and Analysis Team. Delve into the group's distinct characteristics that set it apart from Sofacy and BlackEnergy. Examine the Zebrocy timeline, implant strategies, and spearphishing techniques. Analyze various second-stage implants, including AutoIT, Delphi, C#, and the Canon Backdoor. Investigate the Delphi payload and its connection to embassy targets. Learn about decompiler techniques and gain insights into potential future developments in this Russian-speaking threat actor's activities.

Introduction
Overview
Last year
Zebrocy timeline
Zebrocy implant
Spearfish
Second stage implants
AutoIT
Delphi
CSharp
Canon Backdoor
Delphi payload
Embassy
Decompiler
Whats next