Gameover Zeus

Malware Profile Updated 3 months ago
Gameover ZeuS, also known as P2P ZeuS, is a notorious piece of malware designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

The Swiss Governmental Computer Emergency Response Team (GovCERT.ch) has been aware of Gameover ZeuS for years, taking measures against this threat in collaboration with Swiss Internet service providers since July 2013.

In response to the growing threat posed by Gameover ZeuS and the CryptoLocker ransomware, an international alliance called Operation Tovar was formed. This coalition brought together law enforcement agencies, security firms, and researchers from around the world to combat these cyber threats. Their collective effort aimed to dismantle the extensive botnets utilized by both Gameover ZeuS and CryptoLocker, which were responsible for widespread system infiltration and data theft.

Today, the U.S. Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) announced the successful takedown of the GameOver ZeuS (GOZ) and CryptoLocker botnets. This marks a significant victory in the ongoing fight against cybercrime, demonstrating the effectiveness of international cooperation and concerted action against such threats. Despite this success, vigilance remains crucial as new forms of malware continue to emerge.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Zeus | 4 | Zeus is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Zeus can steal personal information, disrupt operations, or even hold da |
| P2P ZeuS | 1 | None |
| Goz | 1 | None |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Malware
Ransomware
Trojan
Russia
Fraud
FBI
Worm
DDoS
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| cryptolocker | Unspecified | 3 | CryptoLocker is a type of malware, specifically ransomware, that emerged as a significant threat to cybersecurity worldwide. This malicious software infiltrated systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, CryptoLocker encrypted user |
| Dridex | Unspecified | 2 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| TrickBot | Unspecified | 1 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Evil Corp | Unspecified | 2 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Gozi Neverquest | Unspecified | 1 | None |
Source Document References
Information about the Gameover Zeus Malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | a year ago | Emotet Rises Again: Evades Macro Security via OneNote Attachments |
| Krebs on Security | a year ago | U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group |
| Recorded Future | a year ago | Dark Covenant 2.0: Cybercrime, the Russian State, and War in Ukraine \| Recorded Future |
| CERT-EU | a year ago | How the ZeuS Trojan Info Stealer Changed Cybersecurity |
| CERT-EU | a year ago | What Is Domain Generation Algorithm? Definition and Role in Malware Attacks |
| MITRE | a year ago | Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware |
| CERT-EU | 7 months ago | Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team |
| MITRE | a year ago | Dridex (Bugat v5) Botnet Takeover Operation |
| CERT-EU | 10 months ago | How the FBI Fights Back Against Worldwide Cyberattacks |
| GovCERT CH | a year ago | Detecting And Mitigating GameOver ZeuS (GOZ) |
| CERT-EU | 4 months ago | Heimdal’s 10th Anniversary - Our Finest Hours |