ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool ZoxPNG

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: ZoxPNG

NamesZoxPNG
gresim
CategoryMalware
TypeBackdoor
Description(Novetta) ZoxPNG is a very simple RAT that uses the PNG image file format as the carrier for data going to and from the C2 server. ZoxPNG supports 13 commands natively. In addition, ZoxPNG has the ability to load and execute arbitrary code from the C2 server providing an almost unlimited feature set. For instance, ZoxPNG provides no functionality for key logging, screen grabbing or file execution. If an attacker required such functionality, the attacker would construct a simple shell-code binary which the ZoxPNG binary could execute thereby expanding the feature set of the Trojan.
ZoxPNG does not contain any configuration information. The attacker using ZoxPNG must specify the C2 server address as a command line argument.
Information<https://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.zoxpng>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool ZoxPNG

ChangedNameCountryObserved

APT groups

 APT 17, Deputy Dog, Elderwood, Sneaky PandaChina2009-Sep 2017 
 Axiom, Group 72China2008-2008/2014 

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key