10-12-2018: GOZI ISFB Botnet/Group '3083'

Unpacked Loader MD5: 7a1210d5e2d3737aeee5ecec8b15940d

Bot                     ['2.18']
Build                   ['01']
Botnet/Group ID         ['3083’]
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['10291029JSJUYNHG']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['k37aos82skd9nal92kamcdla.com', 'dhsiwyqdlskwsqo.com', 'hq92lmdlcdnandwuq.com']
Path:					['/images/']