Dreambot

Malware updated 7 months ago (2024-05-04T22:17:40.900Z)
Dreambot, also known as Ursnif and Gozi ISFB, is malware designed to steal passwords and credentials, primarily targeting the banking and financial sectors. Threat researchers have described it as "frighteningly lucrative," compared to the already profitable cybercrime market. The malware is distributed globally through various means such as exploit kits, email attachments, and links. It has been linked to several ransomware variants, including Bad Rabbit, GandCrab, LockBit 2.0, and STOP/DJVU, and to numerous other malware samples such as BankBot, Godzilla, Nymaim, Pony Loader, Privateloader, and SmokeLoader.

Dreambot's activities were first noted in 2016, with payload links identified on July 8th and August 11th of that year. In one instance, it was distributed via a Microsoft Word attachment in Poland on June 22, 2016. Dreambot's distribution vectors span a variety of exploit kits and both malicious document attachment and URL-based email campaigns, making it one of the most active banking Trojans recently observed.

The malware continues to evolve, with multiple versions seen spreading in the wild over the past few months. Notably, the Tor-enabled versions of Dreambot present an increased challenge for defenders and IT organizations because they are difficult to detect at the network level. Furthermore, the actor behind Dreambot offers fast flux on infected computers in regions such as Asia, Africa, and the Middle East, which makes content difficult to block because the IP addresses keep changing. Threat researchers continue to monitor Dreambot and its growing list of capabilities as it remains in active development.
Description last updated: 2024-05-04T21:45:16.505Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description / Votes

Gozi Isfb is a possible alias for Dreambot. Gozi ISFB, also known as Ursnif and Dreambot, is a malicious software (malware) that has been actively developed and distributed worldwide. This malware is designed to exploit computer systems, primarily targeting the banking and financial sectors by stealing passwords and credentials from victims.
Votes: 3

Ursnif is a possible alias for Dreambot. Ursnif, also known as Gozi or ISFB, is a type of malware that has been distributed by threat actor group TA551. This harmful software can infiltrate systems via suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data for ra
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the Dreambot Malware was read from the documents corpus below.