On February 17, 2017, Wapack Analysts observed a deep web market vendor advertising 2016 U.S. W-2s with dates of birth (DOB) and U.S./EU bank accounts for sale. The vendor is also selling the GozNym botnet and maintains good feedback in deep web markets. GozNym, though underground, received media attention in late September 2016 when Cisco's Talos team cracked its Domain Generation Algorithm (DGA). This exposure may be the reason for the vendor's current public sale, which utilizes dark web market escrow systems. Though the vendor sells on these sites, business is conducted over Jabber/e-mail using PGP encryption...
Wapack Labs has extensively reported on botnets in the past. An archive of related reporting can be found in the Red Sky Alliance Portal.
TLP: AMBER
ACTOR TYPE: (III)
SERIAL: IA-004-2017
COUNTRIES: US, EU
INDUSTRIES: Financial
REPORT DATE: 20170221