Godzilla

Malware updated 23 days ago (2024-11-29T13:48:36.384Z)
Godzilla is a malicious software (malware) that has been implicated in a series of cyberattacks, according to reports published by cybersecurity firms such as Trend Micro and CrowdStrike. Once deployed, the malware gives the perpetrators control over compromised servers through a webshell, enabling them to execute arbitrary commands, upload and download files, manipulate databases, and perform other harmful activities. Notably, Godzilla was used together with other tools, including the shellcode loader StealthVector, the Cobalt Strike backdoor, and a new backdoor named SneakCross, demonstrating the advanced techniques employed by the threat actors.

Godzilla was first observed in use during an attack on public-facing applications such as Internet Information Services (IIS) servers. This method of initial access allowed the threat actors to deploy the Godzilla webshell for persistence and command-and-control (C2). Subsequent attacks have seen the threat actor diversify its malware and tactics, further indicating the sophistication of its operations. CrowdStrike reported similar tactics, techniques, and procedures (TTPs) used by a group it tracks as Ethereal Panda, suggesting possible links or shared methodologies between different threat actors.

In popular culture, the name "Godzilla" is also associated with the TV series "Monarch: Legacy of Monsters," released on November 17, 2023. Set in the world of Godzilla, the series follows two siblings as they uncover their family ties to the mysterious Monarch organization. There is no connection between the malware and the TV series; the term "Godzilla" in the two contexts refers to different entities.
Description last updated: 2024-10-17T12:59:39.069Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so the following are possible overlapping names and profiles that may also be relevant.
Alias | Description | Votes
Skynet is a possible alias for Godzilla. Skynet, also known as "Godzilla" or "InfraShutdown," is a threat actor group that gained notoriety for its Distributed Cloud Attack Tool (DCAT), which it used to launch Distributed Denial of Service (DDoS) attacks. Unlike traditional DDoS botnets, Skynet's DCAT was more akin to a distributed cloud a (Votes: 4)
Anonymous Sudan is a possible alias for Godzilla. Anonymous Sudan is a threat actor that has been involved in executing numerous Distributed Denial of Service (DDoS) attacks against various entities worldwide between January 2023 and March 2024. The group consistently used social media platforms, notably Telegram, to claim responsibility for their (Votes: 3)
Infrashutdown is a possible alias for Godzilla. Infrashutdown, also known as "Godzilla," "Skynet," and associated with Anonymous Sudan, is a significant threat actor identified in the cybersecurity industry. This entity has been responsible for orchestrating malicious actions, specifically launching Distributed Denial of Service (DDoS) attacks, u (Votes: 3)
Godzilla Web Shell is a possible alias for Godzilla. The Godzilla Web Shell is a type of malware that has been used by threat actors to exploit vulnerabilities in systems. Malware, or malicious software, is a harmful program designed to infiltrate and damage computers or devices, often without the knowledge of the user. It can enter your system throug (Votes: 3)
Miscellaneous Associations
Other contextual tags that may help in judging relevance:
Loader
Webshell
Backdoor
Infrashutdown
Tool
DDoS
Botnet
Source
Malware
IIS
Vulnerability
Web Shell
ActiveMQ
Payload
Sudan
Analyst Notes & Discussion
Associated Threat Actors
Alias | Description | Association Type | Votes
The Earth Baku Threat Actor is associated with Godzilla. Earth Baku, a threat actor linked to the China-associated APT group APT41, has emerged as a significant cybersecurity threat with operations extending beyond the Indo-Pacific region. Since late 2022, Earth Baku has expanded its malicious activities into Europe, the Middle East, and Africa. The group (Association type: Unspecified; Votes: 2)
Source Document References
Information about the Godzilla malware was read from the document corpus below. This display is limited to 20 results.
Source | Created
DARKReading | 2 months ago
Flashpoint | 2 months ago
Securityaffairs | 2 months ago
Krebs on Security | 2 months ago
Securityaffairs | 4 months ago
DARKReading | 4 months ago
Trend Micro | 4 months ago
InfoSecurity-magazine | 6 months ago
CERT-EU | 9 months ago
DARKReading | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 10 months ago
MITRE | 2 years ago
CERT-EU | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago
CISA | 2 years ago
Checkpoint | 2 years ago
CERT-EU | a year ago
CERT-EU | 2 years ago