
Threat Group Cards: A Threat Actor Encyclopedia

Tool: GameOver Zeus

Names: GameOver Zeus, Peer-to-Peer Zeus, P2P Zeus, GOZ

Category: Malware

Type: Banking trojan, Info stealer, Credential stealer, Downloader, Botnet

Description: (US-CERT) GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.

Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult.

Information:
<https://www.us-cert.gov/ncas/alerts/TA14-150A>
<http://www.syssec-project.eu/m/page-media/3/zeus_malware13.pdf>
<https://www.blackhat.com/docs/us-15/materials/us-15-Peterson-GameOver-Zeus-Badguys-And-Backends.pdf>
<https://www.cert.pl/wp-content/uploads/2015/12/2013-06-p2p-rap_en.pdf>
<https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace/>
<https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware>
<https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf>
<https://www.lawfareblog.com/what-point-these-nation-state-indictments>

MITRE ATT&CK: <https://attack.mitre.org/software/S0016/>

Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.gameover_p2p>

AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:gameover%20zeus>

Last change to this tool card: 23 April 2021


All groups using tool GameOver Zeus

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | TA505, Graceful Spider, Gold Evergreen | Russia | 2006-Oct 2020 X |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
