2018-12-07: ISFB Gozi v215 & v300

MD5 (2018-12-07.isfbv215.loader.decoded.vk.exe) = 432dd31c7fdee2a58e6bad527b3626b0
MD5 (2018-12-07.isfbv300.loader.decoded.vk.exe) = a1d90e56a7084ae5f006397b5d4de002

Bot                     ['2.15']
Build                   ['165']
Botnet/Group ID         ['3146', '3147']
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['10291029JSJUYNHG']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['nublatoste.com', 'jabbellabi.com', 'zeurnatine.com']
Path:                   ['/images/']


Bot                     ['3.00']
Build                   ['665']
Botnet/Group ID         ['10000']
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['2bf79PpFMluZ3xL0']
Domains                 ['https://akamaicln.com']


ISFB v215 Payload Domains:

ledibermen.com/KHZ/diuyz.php?l=rewb[1-14].tkn
caentivage.com/KHZ/diuyz.php?l=rewb[1-14].tkn