DreamBot

Description

(Proofpoint) The Dreambot malware is still in active development and over the last few months we have seen multiple versions of it spreading in the wild. The Tor-enabled version of Dreambot has been active since at least July 2016, when we first observed the malware successfully download the Tor client and connect to the Tor network. Today, many Dreambot samples include this functionality, but few use it as their primary mode of communication with their command and control (C&C) infrastructure. However, in the future this feature may be utilized much more frequently, creating additional problems for defenders.

Names

Name
DreamBot

Category

Malware

Type

• Banking trojan
• Info stealer
• Credential stealer
• Botnet

Information

• https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality
• https://lokalhost.pl/gozi_tree.txt

Mitre Attack

• https://attack.mitre.org/software/S0386

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.dreambot

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=DreamBot

Other Information

Uuid

f979f85d-68d3-44b5-a2b6-ef0774f7c717

Last Card Change

2023-10-13