Zeus

Malware updated 4 days ago (2024-10-29T20:00:24.317Z)
Zeus is a notorious piece of malware (malicious software) designed to compromise and damage computer systems. It is often spread through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. A variant of Zeus, a banking Trojan, was found hidden in malicious attachments with no attempt to conceal its presence. The ZLoader malware has also incorporated Zeus's anti-analysis feature, making these threats harder for security analysts to combat. The Russia-based group Evil Corp, known for being behind the Zeus and Dridex banking Trojans, largely vanished from the cybercrime scene after US sanctions in 2019; those sanctions revealed the identity of Yakubets, his relationship with an FSB agent who is his father-in-law, and the inner workings of Evil Corp. Despite this, the impact of Zeus continues to be felt globally: NATO communications have reportedly used Zeus, and an image of a directory from a French organization showed classified European Union documents containing the keyword "ZEUS." More recently, Ukrainian national Vyacheslav Igorevich Penchukov faced up to 20 years in prison for his role in the Zeus and IcedID malware schemes, a significant step towards holding individuals accountable for creating and distributing malware like Zeus. The persistent threat of Zeus and its variants nonetheless underscores the ongoing need for robust security measures and international cooperation against cybercrime.
Description last updated: 2024-10-29T20:00:24.280Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias (votes): description

Gameover Zeus (4 votes): Gameover Zeus is a possible alias for Zeus. GameOver Zeus is a variant of the ZeuS malware, used by malicious actors to steal banking credentials and distribute other types of malware, including ransomware such as Cryptolocker. It operated as a banking Trojan, infecting systems and stealing sensitive information. The botnet was closely associ

Dridex (3 votes): Dridex is a possible alias for Zeus. Dridex is a notorious malware, specifically a banking Trojan, designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software was primarily used by the Russian cybercriminal group, Evil Corp, founded in 2014. The group ta

Zloader (3 votes): Zloader is a possible alias for Zeus. ZLoader is a form of malware, or malicious software, that is designed to exploit and damage computer systems. This harmful program can infiltrate a device through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal inform

Terdot (2 votes): Terdot is a possible alias for Zeus.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Cybercrime
Ransomware
Botnet
Windows
Exploit
Phishing
Banking
Fraud
DDoS
Associated Malware
Alias (association type; votes): description

IcedID (is related to; 4 votes): The IcedID Malware is associated with Zeus. IcedID is a prominent malware that has been utilized in various cyber-attacks. It functions as a malicious software designed to infiltrate and damage computer systems, often through suspicious downloads, emails, or websites. Once inside a system, IcedID can steal personal information, disrupt operati

cryptolocker (Unspecified; 3 votes): The cryptolocker Malware is associated with Zeus. CryptoLocker is a type of malware known as ransomware that emerged as a significant cyber threat in the mid-2010s. This malicious software infiltrates systems through suspicious downloads, emails, or infected websites, often unbeknownst to the user. Once inside, it encrypts the system's files and de

BlackEnergy (Unspecified; 2 votes): The BlackEnergy Malware is associated with Zeus. BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a

Gozi (Unspecified; 2 votes): The Gozi Malware is associated with Zeus. Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c

Blackhole (Unspecified; 2 votes): The Blackhole Malware is associated with Zeus. BlackHole is a variant of a Windows Trojan known as DarkComet, which falls under the category of malware. Malware, short for malicious software, is a harmful program designed to infiltrate and damage computer systems or devices. It often enters systems through suspicious downloads, emails, or websit

Grandoreiro (Unspecified; 2 votes): The Grandoreiro Malware is associated with Zeus. Grandoreiro is a malicious software, or malware, specifically classified as a banking Trojan. Originating from Brazil and categorized under the Tetrade group, it is designed to exploit and damage computer systems, typically infiltrating through suspicious downloads, emails, or websites. Once embedde
Associated Threat Actors
Alias (association type; votes): description

Evil Corp (Unspecified; 3 votes): The Evil Corp Threat Actor is associated with Zeus. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe