ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool DreamBot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: DreamBot

NamesDreamBot
CategoryMalware
TypeBanking trojan, Info stealer, Credential stealer, Botnet
Description(Proofpoint) The Dreambot malware is still in active development and over the last few months we have seen multiple versions of it spreading in the wild. The Tor-enabled version of Dreambot has been active since at least July 2016, when we first observed the malware successfully download the Tor client and connect to the Tor network. Today, many Dreambot samples include this functionality, but few use it as their primary mode of communication with their command and control (C&C) infrastructure. However, in the future this feature may be utilized much more frequently, creating additional problems for defenders.
Information<https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality>
<https://lokalhost.pl/gozi_tree.txt>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.dreambot>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=DreamBot>

Last change to this tool card: 23 May 2020

Download this tool card in JSON format

Previous: Dozer
Next: Dridex

All groups using tool DreamBot

ChangedNameCountryObserved

Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key