Godzilla

Malware updated 14 hours ago (2024-10-17T13:02:54.229Z)
Godzilla is a webshell (malicious software) that has been implicated in a series of cyberattacks, according to reports published by cybersecurity firms such as Trend Micro and CrowdStrike. Once deployed on a compromised server, the webshell lets the perpetrators keep control of it: they can execute arbitrary commands, upload and download files, manipulate databases, and carry out other harmful activities. Notably, Godzilla was used together with other tools, including the StealthVector shellcode loader, the Cobalt Strike backdoor, and a new backdoor named SneakCross, demonstrating the advanced tradecraft of the threat actors involved.

Godzilla was first observed in an attack on public-facing applications such as Internet Information Services (IIS) servers. This initial-access method allowed the threat actors to deploy the Godzilla webshell for persistence and command-and-control (C2). In subsequent attacks the threat actor diversified its malware and tactics, further indicating the sophistication of its operations. CrowdStrike reported similar tactics, techniques, and procedures (TTPs) used by a group it tracks as Ethereal Panda, suggesting possible links or shared methodologies between different threat actors.

In popular culture, the name "Godzilla" is also associated with the TV series "Monarch: Legacy of Monsters," released on November 17, 2023. Set in the world of Godzilla, the series follows two siblings as they uncover their family ties to the mysterious Monarch organization. There is no direct connection between the malware and the TV series; the term "Godzilla" refers to different entities in the two contexts.
Description last updated: 2024-10-17T12:59:39.069Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias | Description | Votes
Godzilla Web Shell | Godzilla Web Shell is a possible alias for Godzilla. The Godzilla Web Shell is a type of malware that has been used by threat actors to exploit vulnerabilities in systems. Malware, or malicious software, is a harmful program designed to infiltrate and damage computers or devices, often without the knowledge of the user. It can enter your system throug | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Webshell
Backdoor
Activemq
Payload
Iis
Malware
Vulnerability
Web Shell
Analyst Notes & Discussion
Associated Threat Actors
Alias | Description | Association Type | Votes
Anonymous Sudan | The Anonymous Sudan Threat Actor is associated with Godzilla. Anonymous Sudan, a threat actor group known for its malicious activities, has been actively involved in promoting a new Distributed Denial of Service (DDoS) botnet service named "Skynet-GodzillaBotnet" as of February 26, 2024. The group is recognized for its previous DDoS attacks on the encrypted me | Unspecified | 2
Earth Baku | The Earth Baku Threat Actor is associated with Godzilla. Earth Baku, a threat actor linked to the China-associated APT group APT41, has emerged as a significant cybersecurity threat with operations extending beyond the Indo-Pacific region. Since late 2022, Earth Baku has expanded its malicious activities into Europe, the Middle East, and Africa. The group | Unspecified | 2
Source Document References
Information about the Godzilla malware was read from the document corpus below. This display is limited to 20 results.

Source | Created
Securityaffairs | 2 months ago
DARKReading | 2 months ago
Trend Micro | 2 months ago
InfoSecurity-magazine | 4 months ago
CERT-EU | 7 months ago
DARKReading | 7 months ago
CERT-EU | 7 months ago
CERT-EU | 7 months ago
MITRE | 2 years ago
CERT-EU | a year ago
Securityaffairs | a year ago
CERT-EU | 10 months ago
CISA | 2 years ago
Checkpoint | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | 10 months ago
CERT-EU | 9 months ago
CERT-EU | 8 months ago
CERT-EU | 8 months ago