11-5-2018: ISFB Gozi v217.39

1. MD5 (11-5-2018.isfb.client.decoded.vk.dll) = f1125c01f1333c70a4a20eec83b5efd0
2. MD5 (11-5-2018.isfb.loader.decoded.vk.dll) = d3a1694a9046b9eb36ff84dbf2aeb0d0
3.  
4. Bot ['2.17']
5. Build ['39']
6. Botnet/Group ID ['3098’, '3099']
7. DGA TLDs ['com', 'ru', 'org']
8. Server [’12’]
9. Encryption key ['10291029JSJUYNHG']
10. DGA CRC ['0x4eb7d2ca']
11. DGA Base URL ['constitution.org/usdeclar.txt']
12. Domains ['legicalpan.com ', 'dhsiwyqdlskwsqo.com', 'hq92lmdlcdnandwuq.com']
13. Path: ['/images/']
14.  
15. ISFB 2nd Stage Domains:
16.  
17. wolthorifi.com/TYJ/wwnox.php?l=juxe[1-10].xap
18. yaticaterm.com/TYJ/wwnox.php?l=juxe[1-10].xap