ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Gozi v2

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Gozi v2

NamesGozi v2
Gozi Prinimalka
Prinimalka-Gozi
CategoryMalware
TypeBanking trojan, Credential stealer
Description(IBM) RSA recently discovered a new malware variant it dubbed Prinimalka-Gozi, which reportedly will be used in a massive, coordinated attack on U.S. banks called Project Blitzkrieg. After analyzing Prinimalka-Gozi, IBM Security determined that it is a distant relative of the Gozi malware. According to our findings, the installation and HTML injection designation method it uses resembles Gozi. However, many implementation details such as the format of the HTML injection, certain configuration elements and the machine code injected into the browser process appear to be completely different than those of Gozi.
Information<https://securityintelligence.com/project-blitzkrieg-how-to-block-the-planned-prinimalka-gozi-trojan-attack/>
<https://krebsonsecurity.com/tag/gozi-prinimalka/>
<https://lokalhost.pl/gozi_tree.txt>

Last change to this tool card: 23 May 2020

Download this tool card in JSON format

All groups using tool Gozi v2

ChangedNameCountryObserved

Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key