Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:05:09 UTC
 Tool: URLZone
Names
URLZone
Bebloh
Shiotob
Category Malware
Type Banking trojan, Info stealer, Credential stealer
Description
(FireEye) URLZone is a banking trojan. It downloads a configuration file that contains
information on targeted financial institutions, and uses web injection techniques to steal a
user’s banking credentials.
Information
Malpedia AlienVault OTX Last change to this tool card: 14 May 2020
Download this tool card in JSON format
All groups using tool URLZone
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c2c5c377-1ce2-4488-8dc9-300465eb096e
Page 1 of 2

Changed Name Country Observed
Other groups
  Bamboo Spider, TA544 [Unknown] 2016-Apr 2022
1 group listed (0 APT, 1 other, 0 unknown)
↑
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c2c5c377-1ce2-4488-8dc9-300465eb096e
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c2c5c377-1ce2-4488-8dc9-300465eb096e
Page 2 of 2