Goznym

Malware Profile Updated 3 months ago
GozNym is malware that gained significant attention in February 2016 after incorporating leaked ISFB code. This combination led to its resurgence in the cybercrime market, where threat actors used it to exploit and damage computer systems. The malware could infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, GozNym was capable of stealing personal information, disrupting operations, and even holding data for ransom.

The GozNym network, consisting of members from Russia, Georgia, Ukraine, Moldova, and Bulgaria, used this malware to conduct highly profitable cybercriminal activities. They managed to steal over $100 million, making GozNym a frighteningly lucrative tool in the realm of cybercrime. The malware was particularly notorious for launching redirection attacks, similar to those employed by Dridex, another infamous piece of malware. These attacks redirected users to fraudulent websites, furthering the malware's ability to steal sensitive information.

Despite efforts to mitigate the impact of GozNym, various forks based on the ISFB code, including GozNym and Dreambot, are still prevalent today. These versions continue to pose a substantial threat to cybersecurity, demonstrating the enduring influence of the original GozNym malware. Continuous vigilance and robust security measures therefore remain essential to protect against these persistent threats.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Isfb | 2 | ISFB, also known as Gozi or Ursnif, is a form of malware that has been a significant part of the cyberthreat landscape for several years. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user'
Dreambot | 1 | Dreambot, also known as Ursnif and Gozi ISFB, is a malicious software (malware) designed to steal passwords and credentials, primarily targeting the banking and financial sectors. It has been described by threat researchers as "frighteningly lucrative," compared to the already profitable cybercrime
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cybercrime
Associated Malware
ID | Type | Votes | Profile Description
Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Goznym Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Tricks of the Trade: A Deeper Look Into TrickBot's Machinations
CERT-EU | 10 months ago | North Korean and Chinese Hackers Attacking Healthcare Industries
CERT Polska | a year ago | Nymaim revisited
CERT-EU | a year ago | Last of the Gozi 3 gets 36 months for malware ops scheme