
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Gozi

Names: Gozi, CRM, Gozi CRM, Papras, Ursnif, Snifula
Category: Malware
Type: Banking trojan, Credential stealer
Description: (SecureWorks) A single attack by a single variant compromises more than 5200 hosts and 10,000 user accounts on hundreds of sites.

• Steals SSL data using advanced Winsock2 functionality
• State-of-the-art, modularized trojan code
• Spread through IE browser exploits
• Undetected for weeks, months by many AV vendors
• Customized server/database code to collect sensitive data
• Customer interface for on-line purchases of stolen data
• Accounts compromised by stealing data primarily from infected home PCs
• Accounts at top financial, retail, health care, and government services affected
• Data's black market value at least $2 million
Information: <https://www.secureworks.com/research/gozi>
<https://blog.gdatasoftware.com/2016/11/29325-analysis-ursnif-spying-on-your-data-since-2007>
<http://researchcenter.paloaltonetworks.com/2017/02/unit42-banking-trojans-ursnif-global-distribution-networks-identified/>
<https://lokalhost.pl/gozi_tree.txt>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:gozi>

Last change to this tool card: 24 May 2020


All groups using tool Gozi

Columns: Changed | Name | Country | Observed

Other groups

(no change date) | TA551, Shathak | [Unknown] | 2019

Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

2 groups listed (0 APT, 1 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency


Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th