We recently received a malware sample that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.

Over the last few years, several leaks of the source code for major botnets such as Gozi, ISFB, and Mirai have provided insight into the evolution of some of the present-day botnets that branched off from one of those predecessors listed above.

Dreambot is an offshoot of ISFB, which was a descendant of Gozi (first observed in 2006), which in turn had used code taken from Ursnif in 2000. Some of the code shared between these families was created almost two decades ago. Most of that code is being reused, with large swaths of it only undergoing minor changes.

The ISFB 2013 leak was incredibly comprehensive - complete with documentation on how to build and configure the botnet, along with source code for most components, including the dropper and bot DLLs. The leak has a readme.txt (written in Russian) detailing in broad strokes the capabilities of ISFB. According to that documentation, ISFB is a bot designed to sniff and manipulate HTTP traffic on a victim's computer.
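The comparison of the dropper's and the payload's compile dates can be reproduced by reading the TimeDateStamp field from each file's PE header. The following is an added example, not code from the original post: the helper names are hypothetical, and the two header blobs are constructed stand-ins that carry only the dates given in the text (midnight UTC assumed).

```python
import struct
from datetime import datetime, timezone

def pe_compile_time(image: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    if stamp == 0:
        raise ValueError("TimeDateStamp is zeroed, no link time recorded")
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def constructed_header(compiled: datetime) -> bytes:
    """Constructed sample: DOS header + PE signature + COFF header only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 0, int(compiled.timestamp()), 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff

def repackaging_gap_days(outer: bytes, inner: bytes) -> int:
    """Days between the inner payload's and the outer dropper's link times."""
    return (pe_compile_time(outer) - pe_compile_time(inner)).days

# Constructed inputs: the text gives only the dates, so midnight UTC is assumed.
DROPPER = constructed_header(datetime(2018, 2, 6, tzinfo=timezone.utc))
PAYLOAD = constructed_header(datetime(2017, 10, 10, tzinfo=timezone.utc))

if __name__ == "__main__":
    print("dropper linked:", pe_compile_time(DROPPER).date())
    print("payload linked:", pe_compile_time(PAYLOAD).date())
    print("gap in days:   ", repackaging_gap_days(DROPPER, PAYLOAD))
```

The linker writes this field and anyone can overwrite it afterwards, so a gap like this is a lead to corroborate with other evidence rather than proof on its own.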