ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Gozi v2

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Gozi v2

NamesGozi v2
Gozi Prinimalka
Prinimalka-Gozi
CategoryMalware
TypeBanking trojan, Credential stealer
Description(IBM) RSA recently discovered a new malware variant it dubbed Prinimalka-Gozi, which reportedly will be used in a massive, coordinated attack on U.S. banks called Project Blitzkrieg. After analyzing Prinimalka-Gozi, IBM Security determined that it is a distant relative of the Gozi malware. According to our findings, the installation and HTML injection designation method it uses resembles Gozi. However, many implementation details such as the format of the HTML injection, certain configuration elements and the machine code injected into the browser process appear to be completely different than those of Gozi.
Information<https://securityintelligence.com/project-blitzkrieg-how-to-block-the-planned-prinimalka-gozi-trojan-attack/>
<https://krebsonsecurity.com/tag/gozi-prinimalka/>
<https://lokalhost.pl/gozi_tree.txt>

Last change to this tool card: 24 May 2020

Download this tool card in JSON format

Previous: Gozi ISFB
Next: GozNym

All groups using tool Gozi v2

ChangedNameCountryObserved

Unknown groups

X_[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]