The end of Dreambot? Obituary for a loved piece of Gozi
Tags
country: Australia Canada China Germany Japan Poland Sierra Leone Romania
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Model Bootkit - T1542.003 Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Keylogging - T1056.001 Keylogging - T1417.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Vnc - T1021.005 Tool - T1588.002 Bootkit - T1067 Connection Proxy - T1090 Mshta - T1170 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID cd9ca5ea-7a6e-42c1-a38e-da01f977baed
Fingerprint 472140dd8831ad8d
Analysis status DONE
Considered CTI value 1
Text language
Published May 1, 2020, 11:33 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 12:29 p.m.
Headline The end of Dreambot? Obituary for a loved piece of Gozi.
Title The end of Dreambot? Obituary for a loved piece of Gozi
Detected Hints/Tags/Attributes 144/3/38
Source URLs
Redirection Url
Details Source https://medium.com/csis-techblog/the-end-of-dreambot-a-loved-piece-of-gozi-24cc9bfc8122
URL Provider
Details Provider Source level domain
Details medium.com medium.com
Attributes
Details Type #Events CTI Value
Details CVE 34 
cve-2019-1458
Details Domain 1 
2ud3gaufzaiikf3e.onion
Details Domain 1 
aaxvkah7dudzoloq.onion
Details Domain 4 
aeeeeeeeeeeeeeeeeeeeeeeeeeeeva.onion
Details Domain 1 
cbt3milmkp32ou4w.onion
Details Domain 1 
cxzko43pnr7ujnte.onion
Details Domain 1 
erreg34983gy89g389g89459.onion
Details Domain 1 
gfgyucg4ot3q3qno.onion
Details Domain 1 
iod5tem372udbzu2.onion
Details Domain 1 
kzuzxhlardmkvwwg.onion
Details Domain 1 
ly3sxhs55czhsb3u.onion
Details Domain 1 
s2mf5op7sjtonnkv.onion
Details Domain 1 
voekeyq7k5vyeg4z.onion
Details Domain 5 
wdwefwefwwfewdefewfwefw.onion
Details Domain 1 
ey7kuuklgieop2pq.onion
Details Domain 1 
jm2g6cyszkutaurp.onion
Details Domain 1 
h33a7jzovxp2dxfg.onion
Details Domain 1 
wuodygsb2cevqgh5.onion
Details Domain 1 
6vcatkjlim35nscu.onion
Details Domain 1 
facebouk.net
Details Domain 1 
web5401.com
Details Domain 1 
webnat.host
Details Domain 1 
spineyes.club
Details Domain 1 
cdn.greyrockland.com
Details Domain 1 
app.yourcellphonebiz.com
Details Domain 1 
js.choosebudget.com
Details Domain 2 
tehtris.com
Details File 7 
config.exe
Details File 1260 
explorer.exe
Details File 1211 
powershell.exe
Details IPv4 1 
185.212.149.162
Details IPv4 1 
178.79.145.141
Details IPv4 1 
185.147.15.13
Details IPv4 1 
195.88.208.76
Details IPv4 1 
94.156.189.217
Details IPv4 1 
192.254.66.108
Details Url 1 
https://tehtris.com/en/ransom-war-1
Details Url 1 
http://192.254.66.108:80/a