
Rewterz Threat Alert – Alert on Gozi Banking Trojan

Severity

High

Analysis Summary

Originally a small banking Trojan, Gozi has undergone massive changes in the number of variants available to threat actors. Operating continuously since 2007, Gozi has infected millions of machines and done untold damage to all types of industries and users. At its core, Gozi variants carry similar traits across the board. Some of the similarities between versions are the strings contained within the binary's .bss section, a man-in-the-browser attack capability, a specific C2 check-in format, obfuscation of that C2 check-in, keylogging, and the grabbing of email, FTP and IM account data and certificates, among others.


Impact

  • Data breach
  • Exposure of sensitive data
  • Financial loss

Indicators of Compromise

MD5

  • c8392d93a1f064a53abb61887cad409b

SHA-256

  • 07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2

SHA1

  • 20c77abcc1e3904bf337af924200d63aaa012b1b

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
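As an added example (not part of the alert itself), a defender-side sweep that hashes files in chunks and matches every digest against the three IoC hashes listed above; the file content used in testing is constructed, and the directory path is whatever you point it at.

```python
import hashlib
import io
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256")

# The indicators published in this alert, keyed by algorithm (lower-case hex).
GOZI_IOCS = {
    "md5": {"c8392d93a1f064a53abb61887cad409b"},
    "sha1": {"20c77abcc1e3904bf337af924200d63aaa012b1b"},
    "sha256": {"07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2"},
}


def hash_stream(fh, chunk_size=1 << 20) -> dict:
    """Read a binary stream once and return all three digests as hex strings."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (e.g. an email attachment)."""
    return hash_stream(io.BytesIO(data))


def match_iocs(digests: dict, iocs: dict = GOZI_IOCS) -> list:
    """Return the algorithms whose digest appears in the IoC set (empty if clean)."""
    return [alg for alg, value in digests.items() if value.lower() in iocs.get(alg, set())]


def sweep(root, iocs: dict = GOZI_IOCS):
    """Walk `root` recursively and yield (path, matched_algorithms) for every hit.

    Unreadable files (permissions, locked by another process) are skipped so
    one bad file does not abort the whole sweep.
    """
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                digests = hash_stream(fh)
        except OSError:
            continue
        hits = match_iocs(digests, iocs)
        if hits:
            yield path, hits


if __name__ == "__main__":
    import sys
    for hit_path, algs in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {hit_path} ({', '.join(algs)})")
```

Matching on all three digests at once means a file is flagged even when only one of the published hash types is available for it; a zero-hit sweep only says these specific samples are absent, not that the host is clean.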