The Zeus banking malware uses webinjects, form grabbing, keylogging, and other functionality to steal credentials, personally identifiable information (PII), and ultimately money from its victims. It has been a fixture within the cybercrime landscape since 2006. With the release of its source code in 2011, Zeus has splintered into many different malware families.

The goal of the zeusmuseum. is to find, categorize, and lightly document every version of these Zeus-derived families. There are currently 36 families (1 active), 629 versions, 10 deep dives, 478 curated references, 0 FOIAs, 98284 samples, and 0 notable actors in the museum.

Action (1)

Chthonic (71)

Citadel (24)

Evolution (1)

Flokibot (4)

Gameover (10)

Grabbot (16)

Ice IX (18)

KINS (17)

Murofet (10)

Pandabanker (45)

PowerZeus (1)

Prg (71)

Satan (5)

Silent Night (43) (Active)

Skynet (3)

Sphinx (5)

Tasks (23)

Uncategorized (22)

Unnamed 1 (3)

Unnamed 10 (1)

Unnamed 2 (4)

Unnamed 3 (6)

Unnamed 4 (10)

Unnamed 5 (8)

Unnamed 6 (3)

Unnamed 7 (2)

Unnamed 8 (1)

Unnamed 9 (2)

VMZeus (10)

Zeus 1 (109)

Zeus 2 (34)

ZeusAES (14)

ZeusX (4)

ZITMO (3)

Zloader (25)

curator@zeusmuseum.com / @tildedennis