My first thought was “why weren’t these tools in VirusTotal already?”…:
US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks.
Both ComRAT and Zebrocy are malware families that have been used by Russian hacking groups for years, with ComRAT being deployed in attacks for more than a decade, having evolved from the old Agent.BTZ malware.
Both Turla and APT28 have consistently updated both tools to add evasion techniques and keep their malware undetected.
The purpose of this recent US government exposé is to share recent versions of these hacking tools with the general public so system administrators and other defenders can add detection rules and update protective measures.
On Thursday, US Cyber Command’s Cyber National Mission Force (CNMF) uploaded samples of the new ComRAT and Zebrocy versions on its VirusTotal account, while the Cybersecurity and Infrastructure Security Agency (CISA), in cooperation with the Federal Bureau of Investigation’s CyWatch, published two security advisories describing ComRAT and Zebrocy’s inner workings.