APT / THREAT GROUP

DreamBot

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

2010 Gozi v2.0, Gozi ISFB, ISFB, Pandemyia(*)

2014 Dreambot (Gozi ISFB variant)

In 2014, a variant of Gozi ISFB was developed. The main change is in the dropper, which performs additional anti-VM checks (VMware, VirtualBox, QEMU), while the actual bot DLL remains largely unchanged. New functionality, such as Tor support, was added, however, and the Fluxxy fast-flux network is often used.

See win.gozi for additional historical information.

Threat Analysis

DreamBot is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

win.dreambot
DreamBot

External Intelligence

Malpedia: win.dreambot

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.