Gozi2

Gozi ISFB banking trojan VBScript dropper. ZatWDYVMlX array obfuscation. Double numeric VBS filename. Ursnif GozNym derivative active since 2006.

Threat Profile
Type Backdoor
Programming Language VBScript
C2 Protocol HTTPS
First Seen 2006
Targets Global/Banking
Purpose / Capabilities
  • Banking Trojan
No C2 servers have been identified for this family yet.

Research Reports (1)

Medium

Gozi/ISFB -- 36599208287637_182387937827.vbs Double Numeric VBS, ZatWDYVMlX Array Obfuscation | Medium

Gozi ISFB 2 MB 36599208287637_182387937827.vbs double-numeric VBS dropper. ZatWDYVMlX=array(r5,G2,E1...) heavy obfuscation. Single string.
