2018-11-13: ISFB Gozi v217 & v3.00

MD5 (2018-11-12.isfbv217.client.decoded.vk.dll) = 9af8d35fcd286d8c06d06873480617b7
MD5 (2018-11-12.isfbv217.loader.decoded.vk.exe) = 2660b1834829ef54cacdd7ad5d538c8d
MD5 (2018-11-13.isfbv3.injected.loader.decoded.vk.exe.dll) = 5a444188b4789fb1538a2f6202ca9a13
MD5 (2018-11-13.isfbv3.loader.decoded.vk.exe) = abd56532b599fecd70cd3b8fde9e6a76

Bot                     ['2.17']
Build                   ['39']
Botnet/Group ID         ['3108’, '3109']
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['10291029JSJUYNHG']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['cythromatt.com', 'ticraphiff.com', 'dubbumnabb.com']
Path:                   ['/images/']


Bot                     ['3.00']
Build                   ['665']
Botnet/Group ID         ['40001']
DGA TLDs                ['com', 'ru', 'org']
Server                  [’12’]
Encryption key          ['KcJ2rbtrqmuHaj9W']
DGA CRC                 ['0x4eb7d2ca']
DGA Base URL            ['constitution.org/usdeclar.txt']
Domains                 ['https://chicmall.com]
Path:                   ['/images/']