ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool GozNym

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: GozNym

NamesGozNym
CategoryMalware
TypeBanking trojan, Info stealer
Description(IBM) IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its source code with part of the Gozi ISFB source code, creating a combination that is being actively used in attacks against more than 24 U.S. and Canadian banks, stealing millions of dollars so far. X-Force named this new hybrid GozNym.

The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers. The end result is a new banking Trojan in the wild.

Internally, GozNym works like a double-headed beast, where the two codes rely on one another to carry out the malware’s internal operations.
Information<https://securityintelligence.com/meet-goznym-the-banking-malware-offspring-of-gozi-isfb-and-nymaim/>
<https://lokalhost.pl/gozi_tree.txt>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:goznym>

Last change to this tool card: 23 May 2020

Download this tool card in JSON format

All groups using tool GozNym

ChangedNameCountryObserved

Other groups

 Bamboo Spider, TA544[Unknown]2016-May 2020X

1 group listed (0 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key