ZxShell (aka Sensocode) is a Remote Administration Tool (RAT) used by Group 72 to conduct cyber-espionage operations. The analysts involved were able to identify command and control (C2) servers, dropper and installation methods, means of persistence, and attack tools that are core to the RATs purpose. The researchers used their analysis to provide detection coverage for Snort, Fireamp, and ClamAV. The paper is a technical analysis on the functionality of Zx Shell.”]
Source: https://blog.talosintelligence.com/2014/10/threat-spotlight-group-72-opening.html