What malware does Nemesis Bear use?

Nemesis Bear is known to utilize X-Agent, Zebrocy, Drovorub in their campaigns.

Where is Nemesis Bear located?

Nemesis Bear originates from Russia and is classified as State-Sponsored (GRU).

Legal Disclaimer:

This platform is for authorized security research and educational purposes ONLY. Scanning assets without explicit permission is illegal.

State-Sponsored APT

Advanced Persistent Threat

Nemesis Bear

Origin: Russia | Active Since: 2004

// AI Dossier Summary

Nemesis Bear (APT28/Fancy Bear) is a Russian military intelligence (GRU) affiliated threat group known for cyber espionage and political interference campaigns.

// Group Fingerprint

Primary Name: Nemesis Bear
Known Aliases: APT28, Fancy Bear, Sofacy
State Sponsor: State-Sponsored (GRU)
Motivations: Espionage, Political Interference
Primary Targets: Government, Military, Media
Active Since: 2004

// Tradecraft & Arsenal

Known Malware Arsenal

X-Agent
Zebrocy
Drovorub

Target Industries

Government
Military
Media

MITRE ATT&CK Mapping

T1078Valid Accounts
T1110Brute Force