The Zeus banking malware uses webinjects, form grabbing, keylogging, and other functionality to steal credentials, personally identifiable information (PII), and ultimately money from its victims. It has been a fixture within the cybercrime landscape since 2006. With the release of its source code in 2011, Zeus has splintered into many different malware families.

The goal of the zeusmuseum. is to find, categorize, and lightly document every version of these Zeus-derived families. There are currently 36 families (1 active), 627 versions, 8 deep dives, 471 curated references, 0 FOIAs, 98244 samples, and 0 notable actors in the museum.

Action (1)

Chthonic (71)

Citadel (24)

Evolution (1)

Flokibot (4)

Gameover (10)

Grabbot (16)

Ice IX (18)

KINS (17)

Murofet (10)

Pandabanker (45)

PowerZeus (1)

Prg (70)

Satan (5)

Silent Night (42) (Active)

Skynet (3)

Sphinx (5)

Tasks (23)

Uncategorized (22)

Unnamed 1 (3)

Unnamed 10 (1)

Unnamed 2 (4)

Unnamed 3 (6)

Unnamed 4 (10)

Unnamed 5 (8)

Unnamed 6 (3)

Unnamed 7 (2)

Unnamed 8 (1)

Unnamed 9 (2)

VMZeus (10)

Zeus 1 (109)

Zeus 2 (34)

ZeusAES (14)

ZeusX (4)

ZITMO (3)

Zloader (25)

curator@zeusmuseum.com / @tildedennis