TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Gozi Banking Trojan Pivots Towards Italian Banks in February and March

2019-04-30

ATT&CK techniques detected

3 predictions
T1059.001 PowerShell · 93%
“specific evasion techniques can be found in this f5 labs article. figure 2: screen capture showing javascript’s .removechild hiding trails of the injected script in danabot, a technique shared by gozi gozi is one of the oldest banking trojans, thus, in order to stay relevant, …”

T1566.002 Spearphishing Link · 52%
“pulled from this same list but had a smaller target list. it excluded banco posta impresa online, bnl bank, consortium banking services, credem bank, creval, fineco bank, inbank, and relax banking. the following italian banks were also targeted by danabot in november and december…”

T1564.003 Hidden Window · 49%
“specific evasion techniques can be found in this f5 labs article. figure 2: screen capture showing javascript’s .removechild hiding trails of the injected script in danabot, a technique shared by gozi gozi is one of the oldest banking trojans, thus, in order to stay relevant, …”

Summary

Gozi authors, who targeted banks in Canada, France, and the US in January 2019, shifted their targets to Italian banks in February 2019.