Zebrocy, also known as Koadic, is a remote access Trojan that is used as a backdoor to install two corrupted files, Xtunnel and Xagent, on the computers it infects. To install these files, Zebrocy looks for previously specified targets, and when it finds them, the files are installed. Zebrocy has three versions, written in different languages: Delphi, C++ and AutoIt. Depending on the target, one of these three versions is used. Zebrocy is a creation of the group known variously as APT28, Sednit, STRONTIUM, Fancy Bear and Sofacy, which has been active since 2004 and mainly targets government entities handling foreign affairs, regardless of their location, to collect highly privileged information.
Although the common computer user will not be affected by Zebrocy, this article serves to demonstrate that no computer, no matter how powerful its owner is, is safe from the threats that populate the Internet and are just waiting for an opportunity to attack vulnerable machines. This is what makes prevention so crucial against infections like Zebrocy.