One Article Review

The article:
Source Team Cymru
Identifier 1116
Publication date 2016-05-02 16:14:36 (seen: 2016-05-02 16:14:36)
Title GOZNYM MALWARE
Text ARTICLE OVERVIEW
Antivirus software detects GozNym hybrid as Nymaim variant
GozNym samples resolve domains, do not connect to IPs returned. Separate IP used for HTTP comms.
C2 channel for GozNym appears to be HTTP POST requests, in line with Nymaim-based origins
Recent active related C2s at 194.149.138.49, 54.186.122.88, 82.13.46.90, 168.235.72.204 and domain ytugctbfm[.]com used
IP 85.171.195.89 likely C2 for late March/early April 2016 campaign
Late March/early April 2016 campaign appears to primarily target US, AT, DE
Campaigns are time-limited and samples will not run if system clock is outside a pre-set date range
Recent reports have indicated the emergence of a […]
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.