2018-12-05: Gozi ISFB v215

MD5 (2018-12-05.isfbv215.loader.decoded.vk.exe) = 271bfe3c03e0a31db8efd0adf1f99505

Bot                     ['2.15']
Build                   ['165']
Botnet/Group ID         ['3140', '3141']
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['10291029JSJUYNHG']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['isatawatag.com', 'bosototsuy.com', 'atamekihok.com']
Path:                   ['/images/']

Payload Domain:

hayaushiru.com/KHZ/diuyz.php?l=boon[1-14].tkn
tazukasash.com/KHZ/diuyz.php?l=gymk[1-14].tkn
dewirasute.com/KHZ/diuyz.php?l=pryc[1-14].tkn