Tool: GameOver Zeus| Names | GameOver Zeus Peer-to-Peer Zeus P2P Zeus GOZ | |
| Category | Malware | |
| Type | Banking trojan, Info stealer, Credential stealer, Downloader, Botnet | |
| Description | (US-CERT) GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks. Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult. | |
| Information | <https://www.us-cert.gov/ncas/alerts/TA14-150A> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0016/> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:gameover%20zeus> | |
Last change to this tool card: 22 April 2020
Download this tool card in JSON format
Previous: Gamaredon
Next: GandCrab
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | TA505, Graceful Spider, Gold Evergreen |  | 2006-Oct 2020  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |