Dreambot

Malware updated 4 months ago (2024-05-04T22:17:40.900Z)
Dreambot, also known as Ursnif and Gozi ISFB, is malware designed to steal passwords and credentials, primarily targeting the banking and financial sectors. Threat researchers have described it as "frighteningly lucrative" compared to the already profitable cybercrime market. The malware is distributed globally through exploit kits, email attachments, and links. It has been linked to several ransomware variants, including Bad Rabbit, GandCrab, LockBit 2.0, and STOP/DJVU, and to numerous other malware samples such as BankBot, Godzilla, Nymaim, Pony Loader, Privateloader, and SmokeLoader. Dreambot's activities were first noted in 2016, with payload links identified on July 8th and August 11th of that year. In one instance, it was distributed via a Microsoft Word attachment in Poland on June 22, 2016. Dreambot's distribution vectors span a variety of exploit kits as well as both malicious-document-attachment and URL-based email campaigns, making it one of the most active banking Trojans recently observed. The malware continues to evolve, with multiple versions seen spreading in the wild over the past few months. Notably, the Tor-enabled versions of Dreambot present an increased challenge for defenders and IT organizations because they are difficult to detect at the network level. Furthermore, the actor behind Dreambot offers fast flux on infected computers in regions such as Asia, Africa, and the Middle East, which makes blocking content difficult because the IP addresses keep changing. Threat researchers continue to monitor Dreambot and its growing list of capabilities as it remains in active development.
Description last updated: 2024-05-04T21:45:16.505Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Gozi Isfb | 3 | Gozi ISFB, also known as Ursnif and Dreambot, is a malicious software (malware) that has been actively developed and distributed worldwide. This malware is designed to exploit computer systems, primarily targeting the banking and financial sectors by stealing passwords and credentials from victims. |
| Ursnif | 2 | Ursnif, also known as Gozi or ISFB, is a type of malware that poses significant threats to computer systems and user data. It's often distributed through suspicious downloads, emails, or websites, infiltrating systems without the user's knowledge. Once installed, Ursnif can steal personal informatio |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the Dreambot Malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| InfoSecurity-magazine | 7 months ago | Why Bulletproof Hosting is Key to Cybercrime-as-a-Service |
| BankInfoSecurity | a year ago | New Malware WikiLoader Targeting Italian Organizations |
| CERT-EU | a year ago | Last of the Gozi 3 gets 36 months for malware ops scheme |
| MITRE | 2 years ago | Ursnif Variant Dreambot Adds Tor Functionality \| Proofpoint |