2018-11-08: Gozi ISFB v217

MD5 (2018-11-08.isfb.client.decoded.vk.dll) = 23476fbd8a07db325e99b6d16097ddfa
MD5 (2018-11-08.isfb.loader.decoded.vk.exe) = cdfbad4f8e224596f0c982ddca9683b3

Bot                     ['2.17']
Build                   ['39']
Botnet/Group ID         ['3105’, '3106']
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['10291029JSJUYNHG']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['jititliste.com ', 'wifilhonle.com', 'scopoledod.com']
Path:                   ['/images/']

ISFB 2nd Stage Domains (2018-11-07):

tifyiskeri.com/WES/fatog.php?l=ngul1.xap
shumbildac.com/WES/fatog.php?l=ngul10.xap

ISFB 2nd Stage Domains (2018-11-08):

roidlandev.com/WES/fatog.php?l=wync1.xap
uvurinestl.com/WES/fatog.php?l=wync1.xap