Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:55:43 UTC
Home > List all groups > List all tools > List all groups using tool GozNym
 Tool: GozNym
Names GozNym
Category Malware
Type Banking trojan, Info stealer
Description
(IBM) IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and
Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its source
code with part of the Gozi ISFB source code, creating a combination that is being actively
used in attacks against more than 24 U.S. and Canadian banks, stealing millions of dollars
so far. X-Force named this new hybrid GozNym.
The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to
create a powerful Trojan. From the Nymaim malware, it leverages the dropper’s stealth
and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate
fraud via infected Internet browsers. The end result is a new banking Trojan in the wild.
Internally, GozNym works like a double-headed beast, where the two codes rely on one
another to carry out the malware’s internal operations.
Information
AlienVault OTX Last change to this tool card: 23 May 2020
Download this tool card in JSON format
All groups using tool GozNym
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b541fb26-a782-4ede-863d-ce712c808411
Page 1 of 2

Other groups
  Bamboo Spider, TA544 [Unknown] 2016-Apr 2022
1 group listed (0 APT, 1 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b541fb26-a782-4ede-863d-ce712c808411
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b541fb26-a782-4ede-863d-ce712c808411
Page 2 of 2