APT / THREAT GROUP

Zergeca

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

Zergeca is a DDoS botnet and backdoor written in Golang. It is packed with a modified UPX that uses the magic number 0x30219101 instead of "UPX!". It is distributed via weak Telnet passwords and known vulnerabilities.

Threat Analysis

Zergeca is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations whose primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

elf.zergeca, Zergeca

External Intelligence

Malpedia: elf.zergeca

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.