Isfb

Malware Profile Updated a month ago
Download STIX
Preview STIX
ISFB, also known as Gozi or Ursnif, is a form of malware that has been a significant part of the cyberthreat landscape for several years. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. ISFB, which is particularly prevalent in Poland, is being replaced with something that has roots in the same Carberp leak. It's interesting to note that the longevity of Gozi malware's use by criminals is partially attributed to an incident where the source code to the Gozi "ISFB" variant leaked sometime between 2013 and 2015. The BatLoader malware is a serious threat that delivers additional malware and tools, including the notorious Vidar Stealer and ISFB. Recently, eSentire conducted a comprehensive analysis of BatLoader, revealing its capability to drop several well-known malware or malicious tools such as ISFB, SystemBC RAT, Redline Stealer, and Vidar Stealer. Furthermore, BatLoader has the potential to deliver other malware and tools, including ISFB, Vidar Stealer, Cobalt Strike, Syncro RMM, and SystemBC RAT via fake installers. The downloaded malware samples are typically bankers like KBot and Gozi ISFB. In recent events, on March 6, 2023, Palo Alto Networks Unit 42 reported via Twitter about Gozi (ISFB/Ursnif) malware targeting Italy. A few months later, scripts began delivering various types of banking malware such as Tinba, Ramnit, or ISFB. Threat researchers describe this evolving threat as "frighteningly lucrative, even compared to the already lucrative cybercrime market." Variations based on ISFB, including GozNym or Dreambot, are still prevalent today. In February 2016, GozNym became popular again after incorporating leaked ISFB code.
What's your take? (Question 1 of 2)
a52e5f54-2b9a-4790-ba7c-ab41c80533b3 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Goznym
2
Goznym is a malicious software, or malware, that gained significant attention in February 2016 after incorporating leaked ISFB code. This potent combination led to its resurgence in the cybercrime market, where it was employed by threat actors to exploit and damage computer systems. The malware coul
Gozi
2
Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Isfb Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Unit42
a year ago
Finding Gozi: Unit 42 Wireshark Quiz, March 2023
CERT Polska
a year ago
Nymaim revisited
CERT-EU
a year ago
BatLoader Malware Dropper Continues to Pose a Threat to Organizations in 2023 - CYBERWARZONE
CERT Polska
a year ago
Ostap malware analysis (Backswap dropper)
CERT Polska
a year ago
Newest addition to a happy family: KBOT
CERT-EU
a year ago
Last of the Gozi 3 gets 36 months for malware ops scheme