10-18-2018: Gozi ISFB v2.18 Build 1

Unpacked Loader MD5: 022dd7910e3ea283596ba23fec4508bb

Bot                     ['2.18']
Build                   ['01']
Botnet/Group ID         ['3087’]
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['10291029JSJUYNHG']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['announcillon.com', 'dhsiwyqdlskwsqo.com', 'hq92lmdlcdnandwuq.com']
Path:                   ['/images/']


Blocklist 2nd Stage:
tapretriat[.]com/RUI/levond.php?l=goks[1-7].xap
derwagiete[.]com/RUI/levond.php?l=goks[1-7].xap