Godzilla

Malware updated a month ago (2024-10-17T13:02:54.229Z)
Godzilla is a webshell that has been reported in a series of intrusions analysed by cybersecurity firms including Trend Micro and CrowdStrike. Once dropped onto a compromised server it gives the operators persistent, interactive control over that host: executing arbitrary commands, uploading and downloading files, reading and altering databases, and staging further tooling. In the reported activity, Godzilla was used together with the shellcode loader StealthVector, Cobalt Strike (a post-exploitation framework whose beacons served as backdoors), and a new backdoor named SneakCross, a toolset that points to a capable threat actor rather than an opportunistic one.

The reported initial access was exploitation of public-facing applications, Internet Information Services (IIS) servers in the documented cases. Having gained code execution on the web server, the threat actors deployed the Godzilla webshell for persistence and command-and-control (C2), so that control of the host rode over ordinary HTTP(S) requests to a file the attackers placed inside the served content. Subsequent intrusions showed the actor diversifying its malware and tactics. CrowdStrike has reported similar tactics, techniques, and procedures (TTPs) from a group it tracks as Ethereal Panda, which suggests possible links or shared tooling between the clusters, though the reporting does not confirm a single actor.

In popular culture, the name "Godzilla" is also associated with the TV series "Monarch: Legacy of Monsters", released on November 17, 2023, in which two siblings uncover their family's ties to the Monarch organization. There is no connection between the malware and the series; the two uses of the name refer to different things.
Description last updated: 2024-10-17T12:59:39.069Z
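The description above says the actors kept control of IIS servers through a webshell planted in served content. A practical first check on a suspected host is to compare the scripts that receive requests against what the application owner actually deployed: a webshell is a server-side script that is not in the deployment manifest and that receives repeated POST requests, usually from very few client addresses. The following Python is an added example written for this page, not code from Trend Micro, CrowdStrike or the Godzilla project; the IIS W3C log lines, the field layout and the `KNOWN_FILES` manifest are constructed for illustration, and the `min_posts` threshold is an assumed tuning knob.

```python
"""Hunt for webshell-like activity in IIS W3C logs.

Added example, not from any vendor report. Assumes the IIS W3C log format
(a '#Fields:' header naming the columns) and that the defender has a
manifest of the files that were legitimately deployed to the web root.
"""
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log: one legitimate browsing client (203.0.113.7) and
# one client (198.51.100.9) hammering a script that was never deployed.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2024-09-01 10:00:01 10.0.0.5 GET /index.aspx - 443 203.0.113.7 Mozilla/5.0 200
2024-09-01 10:00:02 10.0.0.5 GET /images/logo.png - 443 203.0.113.7 Mozilla/5.0 200
2024-09-01 10:05:10 10.0.0.5 POST /aspnet_client/system_web/x.aspx - 443 198.51.100.9 Mozilla/5.0 200
2024-09-01 10:05:12 10.0.0.5 POST /aspnet_client/system_web/x.aspx - 443 198.51.100.9 Mozilla/5.0 200
2024-09-01 10:05:20 10.0.0.5 POST /aspnet_client/system_web/x.aspx - 443 198.51.100.9 Mozilla/5.0 200
2024-09-01 10:06:00 10.0.0.5 POST /login.aspx - 443 203.0.113.7 Mozilla/5.0 302
"""

# Constructed deployment manifest (hypothetical): paths the owner shipped.
KNOWN_FILES = {"/index.aspx", "/login.aspx", "/images/logo.png"}

# Extensions IIS (or a sibling PHP/Java handler) will execute server-side.
SCRIPT_EXT = (".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp")


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the tag
            continue
        if not line or line.startswith("#"):
            continue                            # other directives / blanks
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue                            # malformed or header-less line
        yield dict(zip(fields, parts))


def find_suspects(text, known_files, min_posts=3):
    """Return {uri: {"posts": n, "clients": set}} for server-side scripts
    that are absent from the manifest and receive >= min_posts POSTs."""
    stats = defaultdict(lambda: {"posts": 0, "clients": set()})
    for rec in parse_w3c(text):
        # Decode %-escapes and normalise case so /X.ASPX and /x.aspx match.
        uri = unquote(rec["cs-uri-stem"]).lower()
        if not uri.endswith(SCRIPT_EXT) or uri in known_files:
            continue
        if rec["cs-method"].upper() == "POST":
            stats[uri]["posts"] += 1
            stats[uri]["clients"].add(rec["c-ip"])
    return {u: s for u, s in stats.items() if s["posts"] >= min_posts}


if __name__ == "__main__":
    for uri, s in find_suspects(SAMPLE_LOG, KNOWN_FILES).items():
        print(f"{uri}: {s['posts']} POSTs from {sorted(s['clients'])}")
```

The manifest comparison is the part that does the work: a webshell that mimics a legitimate filename still shows up as a path the deployment never contained, whereas signature matching on request bodies fails as soon as the operator encrypts or re-encodes the traffic. Run it against the real log directory and a manifest generated from the release artifact, and treat every hit as a file to pull for analysis, not as a verdict.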
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are overlapping names and profiles that may also be relevant. Note that the first two entries describe a DDoS actor that uses "Godzilla" as a botnet name, not the webshell described above; the overlap is in the name only.
Alias / Description / Votes
Anonymous Sudan is a possible alias for Godzilla (3 votes). Anonymous Sudan, a threat actor group known for its large-scale distributed denial-of-service (DDoS) attacks, emerged in January 2023. Between January 2023 and March 2024, the group conducted numerous DDoS attacks against various entities worldwide. Notably, they targeted Telegram, a popular social
Infrashutdown is a possible alias for Godzilla (3 votes). Infrashutdown, also known as "Godzilla" and "Skynet" and associated with Anonymous Sudan, is a significant threat actor identified in the cybersecurity industry. This entity has been responsible for orchestrating malicious actions, specifically launching Distributed Denial of Service (DDoS) attacks, u
Godzilla Web Shell is a possible alias for Godzilla (3 votes). The Godzilla Web Shell is a type of malware that has been used by threat actors to exploit vulnerabilities in systems. Malware, or malicious software, is a harmful program designed to infiltrate and damage computers or devices, often without the knowledge of the user. It can enter your system throug
Miscellaneous Associations
Other context tags that may help in judging relevance:
Loader
Webshell
Backdoor
Tool
DDoS
Botnet
Source
Malware
IIS
Vulnerability
Web Shell
ActiveMQ
Payload
Sudan
Associated Threat Actors
Alias / Description / Association Type / Votes
The Skynet Threat Actor is associated with Godzilla (association type: Unspecified; 4 votes). Skynet, a threat actor group also known by several other names including "InfraShutdown" and the "Godzilla botnet", was a significant cybersecurity concern due to its unique method of conducting Distributed Denial of Service (DDoS) attacks. Unlike traditional DDoS botnets that rely on hacked devices
The Earth Baku Threat Actor is associated with Godzilla (association type: Unspecified; 2 votes). Earth Baku, a threat actor linked to the China-associated APT group APT41, has emerged as a significant cybersecurity threat with operations extending beyond the Indo-Pacific region. Since late 2022, Earth Baku has expanded its malicious activities into Europe, the Middle East, and Africa. The group
Source Document References
Information about the Godzilla malware was read from the documents below (display limited to 20 results). Only the publisher and the relative publication date survived extraction; titles and links are not available here.
Source / Created At
DARKReading, a month ago
Flashpoint, a month ago
Securityaffairs, a month ago
Krebs on Security, a month ago
Securityaffairs, 3 months ago
DARKReading, 3 months ago
Trend Micro, 3 months ago
InfoSecurity-magazine, 5 months ago
CERT-EU, 8 months ago
DARKReading, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 9 months ago
MITRE, 2 years ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
CISA, 2 years ago
Checkpoint, 2 years ago
CERT-EU, a year ago
CERT-EU, a year ago