IndigoZebra
Overview
IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014.
Capabilities
- Custom malware/implant development — ATT&CK: 3 attributed custom malware families
TTPs — 7 techniques across 4 tactics
Resource Development
- T1583.001 Domains
- T1583.006 Web Services
- T1586.002 Email Accounts
- T1588.002 Tool
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1204.002 Malicious File
Command and Control
- T1105 Ingress Tool Transfer
Tools & malware (3)
xCaon · BoxCaon · PoisonIvy
Reporting (3)
- IndigoZebra APT Hacking Campaign Targets the Afghan Government — Lakshmanan, R.
- IndigoZebra APT continues to attack Central Asia with evolving tools — CheckPoint Research
- APT Trends report Q2 2017 — Kaspersky Lab's Global Research & Analysis Team