Gameover Zeus

Malware updated a month ago (2024-10-15T10:01:39.460Z)

Download STIX

Preview STIX

GameOver Zeus is a variant of the ZeuS malware, used by malicious actors to steal banking credentials and distribute other types of malware, including ransomware such as Cryptolocker. It operated as a banking Trojan, infecting systems and stealing sensitive information. The botnet was closely associated with Evgeniy Bogachev, a Russian cybercriminal linked to various malware schemes, including Zeus, Jabber Zeus, and GameOver Zeus. Notably, there were indirect affiliations suggesting that the Russian government might have utilized the GameOver Zeus botnet for espionage or Distributed Denial of Service (DDoS) attacks. In 2014, the FBI led an international effort to disrupt the GameOver Zeus botnet, which had infected between 500,000 and a million computers worldwide. This operation, known as Operation Tovar, targeted not only the botnet but also the Cryptolocker ransomware it distributed. Despite its disruption, GameOver Zeus left a significant impact on the cybersecurity landscape, prompting the emergence of successor threats like Dridex, a derivative of the Cridex banking worm, which adopted a similar affiliate model. Post-disruption of GameOver Zeus in 2014, threat actors created botnets such as Dridex to fill the void. Unlike GameOver Zeus, Dridex never matched the sophistication, size, and success of its predecessor. However, it evolved into a monetized platform for other threat actors to run malicious campaigns on a pay-per-install model, facilitating theft of sensitive data and ransom extortion. Despite having a hybrid Peer-to-Peer (P2P) architecture, these botnets significantly limited their ability to self-organize and maintain themselves without outside intervention, unlike other P2P botnets such as Kelihos and GameOver Zeus.

Description last updated: 2024-10-15T09:25:49.739Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Zeus is a possible alias for Gameover Zeus. Zeus is a notorious malware, short for malicious software, designed to exploit and damage computer systems. It is often spread through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, it can steal personal information, disrupt operations	4

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Botnet

Trojan

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The cryptolocker Malware is associated with Gameover Zeus. CryptoLocker is a type of malware known as ransomware that emerged as a significant cybersecurity threat. This malicious software infects systems through suspicious downloads, emails, or websites and then encrypts the user's documents, demanding a ransom for their recovery. It has been described as	Unspecified	3
The Dridex Malware is associated with Gameover Zeus. Dridex is a notorious malware, specifically a banking Trojan, designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software was primarily used by the Russian cybercriminal group, Evil Corp, founded in 2014. The group ta	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Evil Corp Threat Actor is associated with Gameover Zeus. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe	Unspecified	2

Source Document References

Information about the Gameover Zeus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	2 years ago	Emotet Rises Again: Evades Macro Security via OneNote Attachments
Krebs on Security	2 years ago	U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
Recorded Future	2 years ago	Dark Covenant 2.0: Cybercrime, the Russian State, and War in Ukraine \| Recored Future
CERT-EU	2 years ago	How the ZeuS Trojan Info Stealer Changed Cybersecurity
CERT-EU	2 years ago	What Is Domain Generation Algorithm? Definition and Role in Malware Attacks
MITRE	2 years ago	Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware
CERT-EU	a year ago	Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
MITRE	2 years ago	Dridex (Bugat v5) Botnet Takeover Operation
CERT-EU	a year ago	How the FBI Fights Back Against Worldwide Cyberattacks
GovCERT CH	2 years ago	Detecting And Mitigating GameOver ZeuS (GOZ)
CERT-EU	8 months ago	Heimdal’s 10th Anniversary - Our Finest Hours