Gozi
Description
(SecureWorks) A single attack by a single variant compromises more than 5200 hosts and 10,000 user accounts on hundreds of sites.
- Steals SSL data using advanced Winsock2 functionality
- State-of-the-art, modularized trojan code
- Spread through IE browser exploits
- Undetected for weeks, months by many AV vendors
- Customized server/database code to collect sensitive data
- Customer interface for on-line purchases of stolen data
- Accounts compromised by stealing data primarily from infected home PCs
- Accounts at top financial, retail, health care, and government services affected
- Data's black market value at least $2 million
Names
| Name |
|---|
| Gozi |
| CRM |
| Gozi CRM |
| Papras |
| Ursnif |
| Snifula |
Category
Malware
Type
- Banking trojan
- Credential stealer
Information
- https://www.secureworks.com/research/gozi
- https://blog.gdatasoftware.com/2016/11/29325-analysis-ursnif-spying-on-your-data-since-2007
- http://researchcenter.paloaltonetworks.com/2017/02/unit42-banking-trojans-ursnif-global-distribution-networks-identified/
- https://lokalhost.pl/gozi_tree.txt
- https://blog.avast.com/ursnif-victim-data
- https://securityintelligence.com/posts/ursnif-cerberus-android-malware-bank-transfers-italy/
- https://www.mandiant.com/resources/blog/rm3-ldr4-ursnif-banking-fraud
- https://securityintelligence.com/posts/gozi-strikes-again-targeting-banks-cryptocurrency-and-more/
Malpedia
AlienVault OTX
Other Information
UUID
f8740da3-1d35-498a-a026-74ce0c034f6d
Last Card Change
2023-09-06