Tracking GozNym Campaigns with MalNet

In 2007, Don Jackson, while at SecureWorks, wrote about the Gozi Trojan, sharing details on the modularization and monetization strategies used by this family of malware. More recently (04/04/16), Limor Kessem from IBM also provided some interesting background on Gozi and Nymaim. Correlating the different indicators and samples, we were able to observe that different recent campaigns started on the 14th of April, with the following campaign dates of interest:

2016-04-04 (the outlier in our samples appears to be 04/04/16)
2016-04-14
2016-04-15
2016-04-16
2016-04-17
2016-04-18
2016-04-19

Looking at the sample submission dates and

Demonstration: Tracking Malware Campaigns and Domains Using MalNet

MalNet brings together the industry's most up-to-date and extensive threat information from Proofpoint with Maltego link analysis capabilities from ShadowDragon. MalNet enables threat analysts and researchers to identify and visualize malware connections in just minutes to expedite investigations and response. In this short 4-minute video, we demonstrate how MalNet enables analysts to track malware campaigns and domains. Starting with just a malware artifact, we'll show you how you can identify new domains, IP addresses and additional malware all related to this original artifact.

Technical Audiences

In this example we start off with the