https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-full.pdf
https://www.welivesecurity.com/2017/05/09/sednit-adds-two-zero-day-exploits-using-trumps-attack-syria-decoy/
https://www.emanueledelucia.net/apt28-targeting-military-institutions/
https://www.emanueledelucia.net/apt28-sofacy-seduploader-under-the-christmas-tree/
https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/
https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/
https://unit42.paloaltonetworks.com/sofacy-creates-new-go-variant-of-zebrocy-tool/
https://blog.trendmicro.co.jp/archives/19829
https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/
https://twitter.com/DrunkBinary
https://github.com/williballenthin/idawilli/blob/master/scripts/yara_fn/yara_fn.py
https://twitter.com/r0ny_123