| Field | Value |
|---|---|
| Names | GameOver Zeus, Peer-to-Peer Zeus, P2P Zeus, GOZ |
| Category | Malware |
| Type | Banking trojan, Info stealer, Credential stealer, Downloader, Botnet |
| Description | (US-CERT) GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks. Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. Without a single point of failure, the resiliency of GOZ's P2P infrastructure makes takedown efforts more difficult. |
| Information | <https://www.us-cert.gov/ncas/alerts/TA14-150A> |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0016/> |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:gameover%20zeus> |
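The US-CERT description contrasts the single point of failure of a centralized C2 server with the resilience of a peer-to-peer botnet. The simulation below is an added illustration of that contrast and is not part of the tool card, nor a model of GOZ's real peer protocol: it builds a star topology (one C2 server) and a random peer-list graph, removes nodes as a "takedown" would, and measures what fraction of surviving bots can still receive commands from a surviving injection point. The bot count, peer-list size and number of operator injection nodes are assumed values chosen for the demonstration.

```python
"""Toy model of C2 resilience: centralized server vs. peer-to-peer peer lists.

Constructed example; topologies and sizes are assumptions, not GOZ's protocol.
"""
import random
from collections import deque


def build_centralized(n_bots):
    """Star topology: node 0 is the C2 server, every bot talks only to it."""
    adj = {0: set(range(1, n_bots + 1))}
    for bot in range(1, n_bots + 1):
        adj[bot] = {0}
    return adj


def build_p2p(n_bots, peers_per_bot, seed=1):
    """Random peer lists: each bot links to peers_per_bot other bots (undirected)."""
    rng = random.Random(seed)
    adj = {n: set() for n in range(n_bots)}
    for n in adj:
        others = [m for m in adj if m != n]
        for peer in rng.sample(others, peers_per_bot):
            adj[n].add(peer)
            adj[peer].add(n)
    return adj


def random_takedown(adj, n_removed, seed=2):
    """Pick n_removed nodes at random to represent sinkholed or seized hosts."""
    rng = random.Random(seed)
    return set(rng.sample(sorted(adj), n_removed))


def reachable_fraction(adj, sources, removed):
    """Fraction of surviving non-source bots reachable from any surviving source.

    sources are the nodes the operator can inject commands into (the C2 server
    in the centralized case, a handful of peers in the P2P case).
    """
    alive = set(adj) - set(removed)
    frontier = deque(s for s in sources if s in alive)
    seen = set(frontier)
    while frontier:  # breadth-first search over surviving links
        node = frontier.popleft()
        for nxt in adj[node]:
            if nxt in alive and nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    bots = alive - set(sources)
    if not bots:
        return 0.0
    return len(seen & bots) / len(bots)


if __name__ == "__main__":
    N_BOTS, PEERS, REMOVED = 200, 8, 60
    star = build_centralized(N_BOTS)
    # Seizing the single server orphans every bot; seizing 30% of bots changes nothing
    print("centralized, server seized:", reachable_fraction(star, {0}, {0}))
    print("centralized, 60 bots seized:",
          reachable_fraction(star, {0}, set(range(1, REMOVED + 1))))
    mesh = build_p2p(N_BOTS, PEERS)
    # Seizing 30% of peers still leaves almost all survivors reachable from the
    # operator's injection nodes (assumed here to be nodes 0-9)
    print("p2p, 60 peers seized:",
          reachable_fraction(mesh, set(range(10)), random_takedown(mesh, REMOVED)))
```

The point for defenders is the one US-CERT makes: blocking a list of server addresses is decisive against the star, while against the mesh the same effort barely reduces the operator's reach, which is why the GOZ disruption required coordinated sinkholing of the peer network rather than a blocklist.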
Last change to this tool card: 22 April 2020
APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | TA505, Graceful Spider, Gold Evergreen | | 2006-Oct 2020 |

1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)

Report incidents: +66 (0)2-123-1234 | report@thaicert.or.th | PGP key available for download