ARTICLE OVERVIEW

Antivirus software detects the GozNym hybrid as a Nymaim variant.

GozNym samples resolve domains but do not connect to the IPs returned. A separate IP is used for HTTP comms.

The C2 channel for GozNym appears to be HTTP POST requests, in line with its Nymaim-based origins.

Recent active related C2s at 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199...
An inside look at the world of Team Cymru. Cybersecurity tools, tips, news and views.