Open Hunting - Threat Library

Openhunting Threat Library

Godzilla

Godzilla, Godzilla Loader

(Type: Downloader, Worm, Botnet)

(Check Point) Enter Godzilla Loader, a malware being advertised on Dark Web forums, and being actively developed right now. Godzilla fills the “downloader” or “dropper” niche, offering a level of indirection such that the binary that first runs on the victim machine does not contain any of the actual payload, and instead downloads the payload from a remote server. Godzilla is actively maintained, with new features being added periodically, and retails for $500, around a quarter of the asking price of its better-established competitor, {{Emotet}}.

[News Analysis] Trends:

Total Trend: 0

Trend Per Year

Trend Per Month

[News Analysis] News Mention Another Threat Name:

[TTP Analysis] Technique Performance:

[TTP Analysis] Mitre Attack Matrix:

TA0043	TA0042	TA0001	TA0002	TA0003	TA0004	TA0005	TA0006	TA0007	TA0008	TA0009	TA0011	TA0010	TA0040
Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact

[Infrastructure Analysis] Based on Related IOC:

IP:Port	Timestamp

Domain	Timestamp

URL	Timestamp

[Target Analysis] Region/Sector:

No information

References:

News Basic Information Indicator of Compromise Mitre Attack

Basic Information (Credit @etda.or.th)

Tool: Godzilla

Names: Godzilla, Godzilla Loader

Description: (Check Point) Enter Godzilla Loader, a malware being advertised on Dark Web forums, and being actively developed right now. Godzilla fills the “downloader” or “dropper” niche, offering a level of indirection such that the binary that first runs on the victim machine does not contain any of the actual payload, and instead downloads the payload from a remote server. Godzilla is actively maintained, with new features being added periodically, and retails for $500, around a quarter of the asking price of its better-established competitor, {{Emotet}}.

Category: Malware

Type: Downloader, Worm, Botnet

Information: https://research.checkpoint.com/2018/godzilla-loader-and-the-long-tail-of-malware/

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.godzilla_loader

Last-card-change: 2020-04-29

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043	TA0042	TA0001	TA0002	TA0003	TA0004	TA0005	TA0006	TA0007	TA0008	TA0009	TA0011	TA0010	TA0040
Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact