ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Spotlight: GozNym

Tags

maec-delivery-vectors:

attack-pattern:

Data Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domain Generation Algorithms - T1637.001 Domain Generation Algorithms - T1568.002 Domain Generation Algorithms - T1520 Domain Generation Algorithms - T1483 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Brute Force - T1110 Rootkit - T1014 Rundll32 - T1085 Rootkit

Show in Graph

Common Information

Type	Value
UUID	fbb16d72-7f19-49c3-81b4-fbab8465acb2
Fingerprint	a0800f9304393789
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 27, 2016, 10:26 a.m.
Added to db	Oct. 9, 2022, 4:14 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Vulnerability Information
Title	Threat Spotlight: GozNym
Detected Hints/Tags/Attributes	82/2/48

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2016/09/goznym.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	707	google.com
Details	Domain	369	microsoft.com
Details	Domain	1	morelikestoday.com
Details	Domain	1	carsi12.com
Details	Domain	1	sociallyvital.com
Details	Domain	1	mbcqjsuqsd.com
Details	Domain	2	kcrznhnlpw.com
Details	Domain	1	humzka.com
Details	File	1018	rundll32.exe
Details	File	1	ngfk.dll
Details	File	2	dga_release.py
Details	File	1	extract_parameters_from_http_post.py
Details	File	1	decrypt_response.py
Details	sha256	1	bf1601d89f816312278ac09b0c21acdc854c4d21e1443f5170b49c5f64ffcc11
Details	sha256	1	4b2cda69112b4d25c25da0df18cad55dd78fed78e9525c1f48ff5b86517af505
Details	sha256	1	48e7c4357cb3f19ca931951b502fcb4a50c18240d2b21c08e54f7086dde35637
Details	sha256	1	c31878e2250f105b1ac52f9584d9f3d67fd07f2795c20cd1fdbe738fa24f639b
Details	sha256	1	4b9f9894953843c5929885e7ca0bfc16fd6b718c7567f83f6cc6881b0c17fb48
Details	sha256	1	e00d90dea174fa51b07d2d991614630721c04d12810fe72a40dea8fd6edfa3f1
Details	sha256	1	fa4f949b0bd6c4f07aee82027c40521ccdc6f4f3d930335caa6dc9bc2fab5140
Details	sha256	1	a68cec90af59daa1e71b4a0c5cf07c62ddc5440e9b1d4303bd111526d0972881
Details	sha256	1	7e42ec7809fd48590c1eb6c5f936187ce7c31177adff831837e9bcc7549ed440
Details	sha256	1	8ea0d38bd3857adc74eebafc548393ca982dbd7cb3a89a0499e453b05938cb6b
Details	sha256	1	aabd5d71c4251f8a56a0434c37ed88aba73d44bd45a66d054123c86665428778
Details	sha256	1	361231d27c6fe4d3f9176c7c5ebfba96618d15ea29f52625ae522054f81115a0
Details	sha256	1	7b90dcf26d56cc4b6325675cb973f122c2d98904eff540afd917b0552aa9c68b
Details	sha256	1	169384f163eb14b23d2bab8a9269ebd8940b0ec51bcd1767d03c43052c0bb139
Details	sha256	1	443f5760fda53f19db6f483c2fcce5658bebaa3d40a9e535e7de4723f3b40e13
Details	sha256	1	212aded63a3af0996f183da175dbd69ad830299cf3b8d97c7e10535c50b29de9
Details	sha256	1	31c4ae8dbf12f4f9999929602cf24179011c30d1599d36db190af7d85ed2ac1b
Details	sha256	1	a56c177c39bfaa4c50d28b549f7b509299135e0bcd82fb694b21bcbde90a7c66
Details	sha256	1	328fa5803334650ac130105c08251d47a3f447f114ead9d012308e11769379cc
Details	sha256	1	06580e38fe29b2e7ce3a53df4c5ccb389eaa21b8a2f0f4e2dbd880b3c5c5a4cd
Details	sha256	1	c16036c5fc0c25970ba55e5e9d1bb0be8a4044f39495679deb4900c12c1e57e3
Details	sha256	1	46001cf7063cffc00f2fcea7828084f6537e7cc500f3372b2014ca42b21a0dcc
Details	sha256	1	cc86b2b5939ba56a33395121a618c61cfb7cde19fa76231a3a5e872bf1262f34
Details	sha256	1	17aa5711b59e389ffb65294b8281d3b5f39ca18ac1ac861327e7d8548f49a4d3
Details	sha256	1	eb10ec30f2fec3830daee6ad502e527ad6ef67e4591d545b1a84dde300b3edb5
Details	sha256	1	55f9cd6cbed53ccc26d6d570807a18f91d9d8c10db352524df424f356d305a6e
Details	sha256	1	c58d987be377e4fa3d512a21fdb522bd894b8d91536330a9abebbb461fd093b7
Details	sha256	1	b98a835c6239c63a6ada26b92a4605264a9a36130bebe288b21c51edd750dea2
Details	sha256	1	87be9450f217180f09436d3307c7441d090ccfcedfcf6ce1275e8b0d2c9f4470
Details	sha256	1	9b52bd5194475d24b6f0e2d191a8e5bc943f80153a3768ce749dc5f93320e52f
Details	sha256	1	bac9c27a047a7fa4cb35f84fd7f63a87ce79e01c91944c48c35854cb891adf2c
Details	sha256	1	65a8909d4f61aff28a66ee4682c7722e68551fd2dc5fce2c8e160f89b2685971
Details	sha256	1	3577f0b44ded3f0207910c5e624a7a2667fea4fff0416f8c3cc37995c494e9e2
Details	IPv4	295	8.8.8.8
Details	IPv4	63	8.8.4.4