SentinelOne VS Zebrocy – Protect Mode

Zebrocy is a known malware family, dating back to 2015, associated with the “Sofacy” threat group (aka APT28 / Fancy Bear). Zebrocy is used as a downloader and information collector (stealer). The typical delivery method for Zebrocy is via a phishing email or as a secondary component distribution after the initial compromise via phish.

In the past, Zebrocy was associated with commercial and government-focused attacks, including Brexit-themed attacks in 2018.

Recent attacks show efforts to evolve and evade modern security controls. Current payloads demonstrate tactics involving VHD (Virtual Hard Disk) files; these are just the latest evasion tactics, allowing the attackers to gain a foothold by any means necessary.
