{
	"id": "1edd57b0-97e5-4597-b105-bc5462dedf6f",
	"created_at": "2026-04-06T00:15:17.699077Z",
	"updated_at": "2026-04-10T03:36:36.787467Z",
	"deleted_at": null,
	"sha1_hash": "2edcbb092065855684109f9e14984fa206a7cff2",
	"title": "Gameover P2P (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28548,
	"plain_text": "Gameover P2P (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 15:26:06 UTC\r\nGameover ZeuS is a peer-to-peer botnet based on components from the earlier ZeuS trojan. According to a report\r\nby Symantec, Gameover Zeus has largely been used for banking fraud and distribution of the CryptoLocker\r\nransomware. In early June 2014, the U.S. Department of Justice announced that an international inter-agency\r\ncollaboration named Operation Tovar had succeeded in temporarily cutting communication between Gameover\r\nZeuS and its command and control servers.\r\n[TLP:WHITE] win_gameover_p2p_auto (20251219 | Detects win.gameover_p2p.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.gameover_p2p\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.gameover_p2p\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.gameover_p2p"
	],
	"report_names": [
		"win.gameover_p2p"
	],
	"threat_actors": [
		{
			"id": "e447d393-c259-46e2-9932-19be2ba67149",
			"created_at": "2022-10-25T16:07:24.28282Z",
			"updated_at": "2026-04-10T02:00:04.921616Z",
			"deleted_at": null,
			"main_name": "TA505",
			"aliases": [
				"ATK 103",
				"Chimborazo",
				"G0092",
				"Gold Evergreen",
				"Gold Tahoe",
				"Graceful Spider",
				"Hive0065",
				"Operation Tovar",
				"Operation Trident Breach",
				"SectorJ04",
				"Spandex Tempest",
				"TA505",
				"TEMP.Warlock"
			],
			"source_name": "ETDA:TA505",
			"tools": [
				"Amadey",
				"AmmyyRAT",
				"AndroMut",
				"Azer",
				"Bart",
				"Bugat v5",
				"CryptFile2",
				"CryptoLocker",
				"CryptoMix",
				"CryptoShield",
				"Dridex",
				"Dudear",
				"EmailStealer",
				"FRIENDSPEAK",
				"Fake Globe",
				"Fareit",
				"FlawedAmmyy",
				"FlawedGrace",
				"FlowerPippi",
				"GOZ",
				"GameOver Zeus",
				"GazGolder",
				"Gelup",
				"Get2",
				"GetandGo",
				"GlobeImposter",
				"Gorhax",
				"GraceWire",
				"Gussdoor",
				"Jaff",
				"Kasidet",
				"Kegotip",
				"Kneber",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Locky",
				"MINEBRIDGE",
				"MINEBRIDGE RAT",
				"MirrorBlast",
				"Neutrino Bot",
				"Neutrino Exploit Kit",
				"P2P Zeus",
				"Peer-to-Peer Zeus",
				"Philadelphia",
				"Philadephia Ransom",
				"Pony Loader",
				"Rakhni",
				"ReflectiveGnome",
				"Remote Manipulator System",
				"RockLoader",
				"RuRAT",
				"SDBbot",
				"ServHelper",
				"Shifu",
				"Siplog",
				"TeslaGun",
				"TiniMet",
				"TinyMet",
				"Trojan.Zbot",
				"Wsnpoem",
				"Zbot",
				"Zeta",
				"ZeuS",
				"Zeus"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434517,
	"ts_updated_at": 1775792196,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2edcbb092065855684109f9e14984fa206a7cff2.pdf",
		"text": "https://archive.orkl.eu/2edcbb092065855684109f9e14984fa206a7cff2.txt",
		"img": "https://archive.orkl.eu/2edcbb092065855684109f9e14984fa206a7cff2.jpg"
	}
}