{
	"id": "dc3222a9-8012-4e97-9164-8868f743fda9",
	"created_at": "2026-04-06T00:12:43.82486Z",
	"updated_at": "2026-04-10T03:25:13.061632Z",
	"deleted_at": null,
	"sha1_hash": "3c0c7b98cdfac0d529ad7992e15877cc995406cb",
	"title": "https://lokalhost.pl/gozi_tree.txt",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 30441,
	"plain_text": "https://lokalhost.pl/gozi_tree.txt\r\nArchived: 2026-04-05 19:16:43 UTC\r\n moded\r\nursnif/ --+-- \u003e gozi (original name CRM)\r\nsnifula |\r\n |\u003c- goziv2/gozi prinimalka - rovnix used as a protector in some cases\r\n ____|___________________________________\r\n | |\r\n isfb vawtrak \u003c- pony\r\n | |\r\n__________|____________________ |\r\n| | | | vawtrak v2\r\n| | | | |\r\ndreambot* iap* powersniff goznym** \u003c- nymaim + \u003c- eol?\r\n(* propably some others but only diffrence are c\u0026c panels,\r\n(* those are 2 strains im seing being developed and are closest to `original` isfb\r\n(** isfb dll incorportated into nymaim)\r\nsome unpacked examples or links:\r\nursnif - https://virustotal.com/en/file/b5931739cda5d7d9989cc15f8213f9372e5a395dc694f66636e749343\r\ndreambot - https://virustotal.com/en/file/cf2a925a395211a69daa0f59c6432383b708e1d291c084ecddc8b5671\r\niap - https://virustotal.com/en/file/ffcb650b28719d3bde1b032b14cfe7f5d7f2a73878d752737da0ba8a4\r\npowersniff - https://virustotal.com/en/file/048ae3ffd293ec05385a16098cf4fd9f86bbd52aba2571217ae18a351\r\nvawtrak v1 - https://virustotal.com/en/file/9448f7ce348fc2ff88cb955baf0213298fb2bf7231af9b9a704a4dbce\r\nvawtrak v2 - https://virustotal.com/en/file/dc6ff578f7509ffc94a1bbff83576341e053ce064b9b8ee27af17d615\r\nnymaim - https://virustotal.com/en/file/e1e35f3e37257ea2788b2906811f6e9efbae4a9838c5a7c251d40842f\r\nisfb - https://github.com/gbrindisi/malware/tree/master/windows/gozi-isfb\r\ngoziv2 - http://blog.malwaremustdie.org/2013/02/the-infection-of-styx-exploit-kit.html\r\nSource: https://lokalhost.pl/gozi_tree.txt\r\nhttps://lokalhost.pl/gozi_tree.txt\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://lokalhost.pl/gozi_tree.txt"
	],
	"report_names": [
		"gozi_tree.txt"
	],
	"threat_actors": [
		{
			"id": "b753c6a8-a83d-47bc-829d-45e56136eb7d",
			"created_at": "2023-01-06T13:46:38.97802Z",
			"updated_at": "2026-04-10T02:00:03.169611Z",
			"deleted_at": null,
			"main_name": "GozNym",
			"aliases": [],
			"source_name": "MISPGALAXY:GozNym",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434363,
	"ts_updated_at": 1775791513,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3c0c7b98cdfac0d529ad7992e15877cc995406cb.pdf",
		"text": "https://archive.orkl.eu/3c0c7b98cdfac0d529ad7992e15877cc995406cb.txt",
		"img": "https://archive.orkl.eu/3c0c7b98cdfac0d529ad7992e15877cc995406cb.jpg"
	}
}