Domain Generation Algorithms Save
Some results of my DGA reversing efforts
Project README
Domain Generation Algorithms
Domain Generation Algorithms (DGAs) of Malware reimplemented in Python.
Overview
banjori (aka MultiBanker 2, BankPatch(er))
Links
Example Domains
- earnestnessbiophysicalohax.com
- kwtoestnessbiophysicalohax.com
- rvcxestnessbiophysicalohax.com
- hjbtestnessbiophysicalohax.com
- txmoestnessbiophysicalohax.com
- agekestnessbiophysicalohax.com
- dbzwestnessbiophysicalohax.com
- sgjxestnessbiophysicalohax.com
- igjyestnessbiophysicalohax.com
- zxahestnessbiophysicalohax.com
bazarbackdoor (aka BazarLoader Team9Backdoor))
Links
- https://johannesbader.ch/blog/the-dga-of-bazarbackdoor/
- https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/
- https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/
Example Domains
Real DGA:
- adegjkaiggjm.bazar
- eehhjmejjhjo.bazar
- dehiildjjiin.bazar
- ceeiklcjgikn.bazar
- dceikkdhgikm.bazar
- bfehjmbkghjo.bazar
- adegjmaiggjo.bazar
- dchiikdhjiim.bazar
- efehikekghim.bazar
- bdhhjkbijhjm.bazar
Buggy DGA: -_fdgimzkfgio.bazaar -e`bfkieedfkk.bazaar -efdgikekfgim.bazaar -]begimzgggio.bazaar -bbbfhlbgdfhn.bazaar -^ehikizjjikk.bazaar -aechimajehio.bazaar -]defiizigfik.bazaar -``geiizeieik.bazaar -degfjkdjifjm.bazaar
bumblebee
Example Domains
- cmid1s1zeiu.life
- itszko2ot5u.life
- 3v1n35i5kwx.life
- newdnq1xnl9.life
- jkyj6awt1ao.life
- ddrjv6y42b8.life
- 1pnhp5o5za1.life
- y13iqvlfjl5.life
- xp0btfgegbo.life
chinad
Links
Example Domains
- 8f6bacmw30xxv6sc.cn
- 486txu3yjly0xcmz.ru
- xmi6x8zg9rkanmyo.info
- spy1jhdbmvt2ueva.net
- evybt5gtf2tprvbi.info
- 7qbys97e3pcw262c.info
- kz89iy97c7n7vbur.biz
- zmkvvlsvkbffnuez.ru
- tr1yy6lxtry1gsts.biz
- mfq6uwq3p2hvc8zn.cn
corebot
Links
Example Domains
- lkhylm0mhyfuhg.ddns.net
- s63234wluv5v365bwp5.ddns.net
- afe6mfy23xcxgfa.ddns.net
- 7rsl1f34sfq0oj3jwvmfa6c.ddns.net
- ir7l3po0gjy8ypqjm8o.ddns.net
- 3lgrupwdivsfm2w4kng2iha.ddns.net
- i8a0q2wdu8otulkfylo2gdq.ddns.net
- kh1her76avy0qnelivijwd1.ddns.net
- ubgp1f1han7lu410eh5.ddns.net
- uliry8knadmpmdm4wti6oro.ddns.net
dircrypt
Links
Example Domains
- rauggyguyp.com
- llullzza.com
- mluztamhnngwgh.com
- mycojenxktsmozzthdv.com
- inbxvqkegoyapgv.com
- furiararji.com
- zrkdvzjhse.com
- wyuhdsdttczd.com
- hpaxgpkteomjaxywwelr.com
- mydojltbqjnwailyyoa.com
dnschanger (aka Alureon)
Links
Example Domains
- aktklyvbiu.com
- zgimjzlnrl.com
- tcfejerekw.com
- tfaunnjmxt.com
- ydvlfpkguw.com
fobber (aka Tinba v3)
Example Domains
- vhkintjtksyxgjrzz.net
- btpnxlsfdqbhzazyx.net
- ukfmknjdenthvktgc.net
- qupxsrhrmuoinqrit.net
- gjsbydmrpfzsmnfiu.net
- indpstqbetcpcqprx.net
- gwrdmhyjfcpcutmhp.net
- bwnzcyypcbmnlpfsw.net
- twkpwfuecvvzcincq.net
- pdwfuxgnahmgsxhit.net
fosniw
Example Domains
- app2.winsoft0.com
- app2.winsoft1.com
- app2.winsoft2.com
- app2.winsoft3.com
- app2.winsoft4.com
- app2.winsoft5.com
- app2.winsoft6.com
- app2.winsoft7.com
- app2.winsoft8.com
- app2.winsoft9.com
gozi (aka Ursnif, Snifula, Papras)
Links
Example Domains
- quodpresidentemaxsagit.com
- pertantumfitusu.com
- indulgentiarumlicet.com
- moriblasphemianegocii.com
- ptribueretnossetnonin.com
- nonsicordinario.com
- svivacpecunias.com
- inestimabiler.com
- ulpurgatoriopetrum.com
- papacricognitisipro.com
kraken/v1 (aka Bobax, Oderoor)
Links
Example Domains
- ibbwnhgh.mooo.com
- rbqdxflojkj.mooo.com
- smhburg.dyndns.org
- bltjhzqp.dyndns.org
- clwafrfuuxq.yi.org
- cffxugijxn.yi.org
- ivxcxbj.dynserv.com
- etllejr.dynserv.com
- otpxmk.mooo.com
- ejfjyd.mooo.com
kraken/v2 (aka Bobax, Oderoor)
Links
Example Domains
- xpdbwuimwag.com
- nwpegpjtx.com
- smmyuhxlt.net
- xjvyvnzivvt.net
- lvctmusxcyz.tv
- lvctmusxcyz.tv
- cjuszcfwo.cc
- egbmbdey.cc
- wjxaprgne.com
- vxbuggxhrgi.com
locky
Links
Example Domains
- gegjiimqmlgtdmk.tf
- pccibcjncnhjn.yt
- rddipikmrap.us
- mmhmkqfc.be
- vkcims.pm
- qtysmobytagnrv.it
- suhpqiumpjsv.ru
- cscffbwbhs.uk
m0yv
Links
- https://malpedia.caad.fkie.fraunhofer.de/details/win.m0yv
- YouTube video "Sinkholing the Domain Generation Algorithm of m0yv"
Time independent version in dga.py, time-dependent version in dga-td.py.
Example Domains
- pywolwnvd.biz
- ssbzmoy.biz
- cvgrf.biz
- npukfztj.biz
- przvgke.biz
- zlenh.biz
- knjghuig.biz
- uhxqin.biz
- anpmnmxo.biz
- lpuegx.biz
monerodownloader
Example Domains
- 31b4bd31fg1x2.org
- 31b4bd31fg1x2.tickets
- 31b4bd31fg1x2.blackfriday
- 31b4bd31fg1x2.hosting
- 31b4bd31fg1x2.feedback
- 3f8c8079fd4c5.org
- 3f8c8079fd4c5.tickets
- 3f8c8079fd4c5.blackfriday
- 3f8c8079fd4c5.hosting
- 3f8c8079fd4c5.feedback
murofet/v1 (aka LICAT)
Links
Example Domains
- giywswshrgxcvoqgvrkthmfa.ru
- xaiqpbprgymbvrwmzgiyprgdsk.com
- amgqgularpzxeapztxenbx.net
- pfscijbmthyfiyjgergugtkbqyh.org
- xglfcmsgorvwfilhmzlcxxvkfege.info
- rcteqwkequojntibvfyfaluwh.biz
- mjfqylbiaunffuaeunzdqdwscu.ru
- qobeylpxgpfknlptukyddqvklztg.com
- rgwgizukficdgetwsxovtcknwkfm.info
- betgyaeswxorwcvsdezdupbmb.org
murofet/v2 (aka LICAT)
Links
Example Domains
- cmqvvxtppnibli.biz
- cmqvvxtppnibli.com
- rloqpoiongsuwyq.net
- rloqpoiongsuwyq.org
- zsophzovtfor.info
- zsophzovtfor.biz
- nlifthjnbgnfweq.org
- nlifthjnbgnfweq.com
- hykpttqsxsmvkoc.info
- hykpttqsxsmvkoc.org
murofet/v3 (aka LICAT)
Links
Example Domains
- nxlya47huo61czerb18o51e11d30i55gycwe31lx.ru
- jwdzptm69p62izcve41f22k37oyj16g63fqote11.com
- p42p52nvd50izkqazaqe21lvo21pycqotp22e61.net
- b28n40i25b68gte41o61dwc19htc29jwgxiqfzbr.org
- ktirhsn50kzc49b58cyf32fwh14h64dzgxiqcz.info
- bre41hvc29kri15ewpwdsazjyn40p52kwe21gw.biz
- n30mwhsoxfqe51j56lunsg13o11hyd60ewf52nu.ru
- hvcsjxd20mzm29d40nznunta27c29kyi55fun50.com
- nzosg13oymzg63ntpxaro51btkvfyoshrk27.info
- czfsn20exg53nzcqcrg43exf62b28p22pyd50lu.org
mydoom (aka Novarg, Mimail.R, Shimgapi)
Example Domains
- qehspqnmrn.info
- mmahaesqar.in
- pwprhhnqqn.in
- mrspmramrn.in
- arphansaqh.com
- hrhspsrenn.net
- aepaaemrmn.com
- wsaehwmnms.in
- arwrseqssh.com
- ewamspqwha.ws
necurs
Links
Example Domains
- nccojqvabqvkiwhj.mx
- hoedwwwywnmmbi.ac
- aeaeneaoinf.mu
- ccecggc.us
- mfffpmgtplxbyagbtegh.com
- thlxuwnadtdtsm.biz
- edkomqpeufjyafccj.in
- mxomklaqau.pw
- nvutiptwteltin.tv
- nhysbiomr.ir
newgoz (aka Gameover Zeus, Peer-to-Peer Zeus)
Links
Example Domains
- xzz3ug32bale1uo60y7xj6rge.com
- 1hyzmw3l2phycet88hzr2do34.net
- 2ppq821cfem5m1mdua46pxg7bj.biz
- unlm9w9l8upy1kdde0kba7ktf.org
- 1ixhw3p1ncr3cf1pjfrpz14n1u0e.com
- 1o460ktpdhna1k0lk3ecwujxn.net
- 183t0wjzlthe51wigptk4rl29.org
- 1i3ux5a1hj6ndqejmxone45g0v.net
- 5mcdp71mbutpb1tglu0s4p0lrf.com
- n3i5yn19w82vmmpxv1k1l4xrjg.org
ngioweb
Links
- Netlab - An Analysis of Linux.Ngioweb Botnet
- Netlab - Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices
Example Domains
minihileth-subatudofy.org revodihudom.info enisobure-antidimadom-minikevuship.org semiridinution-postepudency.com prolefexity-disorisance.org nonebazish-disahibelen-misehurarage.name ilolupage-nonurisudize-minikazolike.net semicofaxiful-enixakor-subafapehen.info overedaxive-nonameraness.net prevomozary-microfemaly.info
nymaim
Example Domains
- oftbpec.com
- lotmpwyk.info
- seikpwq.info
- bcfatyltdvp.info
- rfwstgy.com
- hokybhnf.biz
- evlovrxuw.net
- mtzpbzbfvy.info
- hacckgiakhl.com
- mosmeuw.net
nymaim2
Links
Example Domains
- surfaces-drawing.com
- shaft-criterion.cc
- stops-hash.id
- unitsknowledge.com
- wiredgraph.tm
- timelydesignation.co
- stablelikely.ch
- stainless-loan.lk
- wagon-documents.sc
- trainerprocessors.tk
padcrypt
Links
Example Domains
- elkfcfnacacmofdf.com
- mkmeeefncfnfdmbm.de
- ffcdcnbmmnaeddcd.com
- ddkfodnaadmbmofo.co.uk
- efneboaodnmbecoa.co
- bafomkfalcfcdkom.info
- onlmcddadnacfclc.com
- dcfmddfbobkmafma.com
- lmmfdccmnnfnmfdl.co
- kcknconmceeemlnm.com
pitou
Links
Example Domains
- --------------+
- koohoavab.net |
- koohoavac.net |
- koohoavad.net |
- koohoavaf.net |
- koohoavag.net |
- koohoavah.net |
- koohoavaj.net |
- koohoavak.net |
- koohoaval.net |
pizd
Links
Example Domains
- difficultnearly.net
- dollarnearly.net
- difficultpossible.net
- dollarpossible.net
- eearlynation.net
- escapenation.net
- eearlypleasure.net
- escapepleasure.net
- eearlynearly.net
- escapenearly.net
proslikefan
Links
Example Domains
- flarvcpk.eu
- stjneohiod.biz
- vcevvkc.se
- qylptiin.info
- bsvisbttr.com
- hjiknr.net
- arpeiezki.org
- gobqca.ru
- tivqfahrmxdl.in
- smutloo.name
pushdo
Example Domains
- weafokuggeir.kz
- sictemuborug.kz
- cirpicficj.kz
- geijanmap.kz
- fuxhuxsabi.kz
- siclisozdokq.kz
- sozcoqnafrex.kz
- qeobifups.kz
- cokoqdeah.kz
- latqafbuxwic.kz
pykspa/improved
Links
Example Domains
- uammskmq.org
- jqplflktas.info
- rybwtr.net
- uyznvxlof.info
- gakcmqiw.com
- wewsvat.net
- owhadwkskevw.net
- nkndlzhjgrpc.info
- isypszqe.net
- joebbaamoyt.info
pykspa/precursor
Links
Example Domains
- llfwhgn.com
- guqqkaiq.biz
- wctymo.net
- lovfjsfox.com
- oruhbanansnan.cc
- mkncjk.biz
- yunonsuiwcymao.net
- yxpojufqbex.com
- qhxgzufqbex.cc
- yywiywiq.biz
qadars
Links
Example Domains
- jk9enwhansl2.org
- sdqfodmf81m7.net
- 5uro1uzspejk.net
- ub4hinsduf0p.net
- zs9ijo1er81u.com
- 0t67c5arw9yf.net
- lev41encha38.net
- 67k1q3c1mr8x.org
- 7w1yf49irk5m.net
- gdunwhq7s9qb.org
qakbot
Links
Example Domains
- bqkrtxgkmriwsiwcngtivpx.info
- jdtmfupdyueqeldvhsjzdvzob.net
- guhmpoxzivhba.com
- nqqxqhuacaqhzurde.org
- lgqsqgpqzijwid.info
- ykolyecdcyk.biz
- ztvflnxqzpxvpfobv.biz
- zqrmkpivrbxccawozqwqpfzh.org
- iqyqwhntrxfeq.org
- ftadkbomxlnsib.info
qsnatch
Links
Example Domains
- t2q2r.cf
- gc9nz.tk
- 07tvvc.com
- 7ubqo.ml
- 53bcm.de
- 6zltf.rocks
- hv7uv.mx
- nypno.biz
- qkzccy.net
- rassb.cn
ramnit
Links
Example Domains
- knpqxlxcwtlvgrdyhd.com
- nvlyffua.com
- hgyudheedieibxy.com
- anrylixwcbnjopdd.com
- vrndmdrdrjoff.com
- jhghrlufoh.com
- tqjhvylf.com
- hufqifjq.com
- itktxexjghvvxa.com
- ppyblaohb.com
ranbyus/may
Links
Example Domains
- ikwoqkwuajpbyx.com
- niukpdrluwlfox.pw
- rcnxisuibbadng.in
- wbqtidjvsdiwee.me
- jrdyumcieyipnv.cc
- yvyfwikedfxitk.su
- tviurcntxylxnj.tw
- lycyrvfcemepfm.net
- epddeukdimbpft.com
- trbhxhmbsikoaq.pw
ranbyus/september
Links
Example Domains
- jxbdxeyxttdmcjagi.me
- iqmadgybfhnrssadm.cc
- gdoldaognceaedkke.su
- jnbnyrmxmpblfgstk.tw
- ucjetnyaitygjidva.net
- jejocqwtcbtuymvao.com
- stuctjsqfxghcesyw.pw
- gfidctymbxiaqyuyk.in
- ojrqwrlhesfshawva.me
- bqjqvwwjirftwkjel.cc
reconyc
This DGA has unpredictable seeding, i.e., it uses GetTickCount as the seed. I still list the DGA as it might be useful for testing or training DGA detection algorithms.
Example Domains
- E5zHail0Mw.com
- gabbvK2o6s.com
- CumpP2A4d7.com
- 5eswmwNQyF.com
- lExfSzyuwP.com
- JZpESGsPFF.com
- UmIaRnijeT.com
- sHr0xE9Idm.com
- nYcEX7wlCF.com
- VCiZNQXwpO.com
sharkbot
Example Domains
- 64f30398ecda3bbf.xyz
- f008fc473fddedc4.live
- cfbadaf0cd7b0ac3.com
- b8d28386413029fe.store
- 99c485497c079a09.info
- 6d54b683fc2cc58f.top
- abb7547058fef9fb.net
shiotob (aka Urlzone, Bebloh)
Links
Example Domains
- wtipubctwiekhir.net
- rwmu35avqo12tqc.com
- rskb5bsfhm2fk5h.net
- rbp9pprrxgflut9.com
- zzxeyzgy45yy2a.net
- e3oa4wglvd21xa.com
- mqmq1hvmtxzjv.net
- pd4o4wu24vimn.com
- tlmrzvpbpsqsb.net
- pbmnz59uzndpo.com
simda (aka Shiz)
Links
Example Domains
- gatyfus.com
- lyvyxor.com
- vojyqem.com
- qetyfuv.com
- puvyxil.com
- gahyqah.com
- lyryfyd.com
- vocyzit.com
- qegyqaq.com
- purydyv.com
sisron (aka TOMB, Win32/Agent.WRQ, Trojan.Scar)
Links
Example Domains
- mdiwnjiwmtya.com
- mdewnjiwmtya.com
- mzewntiwmtya.com
- mzawntiwmtya.com
- mjkwntiwmtya.com
- mjgwntiwmtya.com
- mjcwntiwmtya.com
- mjywntiwmtya.com
- mjuwntiwmtya.com
- mjqwntiwmtya.com
suppobox
Links
Example Domains
- journey
- destroy
- against
- night
- within
- effort
- street
- better
- husband
- little
symmi
Links
Example Domains
- ogovugtuipawi.ddns.net
- afowkaupbabe.ddns.net
- ipkureleakm.ddns.net
- hegiruqo.ddns.net
- luimreim.ddns.net
- tiakqukoahuvu.ddns.net
- loelkuanduur.ddns.net
- agdehukoev.ddns.net
- giagkuekorla.ddns.net
- leufiroqipomu.ddns.net
tempedreve
Links
Example Domains
- dlbebsga.net
- enqbgrmt.com
- xjlwpfnk.info
- ebabkjcx.org
- hvisietg.net
- svyjglen.com
- glknxfgq.info
- adoduloh.org
- jgrxrxwh.net
- ctmrgbmz.com
tinba (aka TinyBanker, Zusy)
Links
Example Domains
- blackfreeqazyio.cc
- nvfowikhevmy.com
- nvfowikhevmy.net
- nvfowikhevmy.in
- nvfowikhevmy.ru
- sjhuqlwrqhqx.com
- sjhuqlwrqhqx.net
- sjhuqlwrqhqx.in
- sjhuqlwrqhqx.ru
- pxqgonyogeee.com
tufik
Example Domains
- dbqwpmpnruesywj.com
- qxxmubfleztlnkx.com
- rrnywowqgmjvnltg.com
- rqnjdvzpsmbuw.com
- utoiopxjrphvoiy.org
- ttoouemmimnxnmj.com
- nmjsoourllgveecj.org
- juprvzxqotonvvs.biz
- nmjsoourllgveecj.biz
- dotqwjmhqlushjlo.biz
dmsniff
Example Domains
- albdfhln.com
- alcgkown.com
- aldjpvqt.com
- alemuown.com
- alfpmrnq.org
- algspvqt.org
- alhvrytw.org
- aliyuown.org
- aljnwpyo.org
- alkpmrnq.net
unnamed_downloader
Example Domains
- ddknt.github.io
- ddktn.github.io
- ddnkt.github.io
- ddntk.github.io
- ddtkn.github.io
- ddtnk.github.io
- dkdnt.github.io
- dkdtn.github.io
- dkndt.github.io
- dkntd.github.io
unnamed_javascript_dga
Links
Example Domains
- rxxeqcoy.cc
- kmymbyzd.co
- cfukbzbmg.eu
- sblwtafc.cc
- lqdoacat.co
- dplmjcjic.eu
- ttukaiwjdx.cc
- meimklqh.co
- enmxqcxhtl.eu
- unmias.cc
vawtrak
Links
Example Domains
- usahwutle.com
- folocnam.com
- awumsah.com
- edorwufli.com
- misocgutlah.com
- edarwotda.com
- melarwetdic.com
- usucnitdohg.com
- regomseh.com
- osicnumd.com
xmrig_genesis (a XMRig malware using the bitcoin genesis block as seed))
Example Domains
- 1d78e50d.com
- 1d78e50d.net
- 1d78e50d.org
- 1d78e50d.duckdns.org
- 2b04216f.com
- 2b04216f.net
- 2b04216f.org
- 2b04216f.duckdns.org
- 2e1d985c.com
- 2e1d985c.net
Open Source Agenda is not affiliated with "Domain Generation Algorithms" Project. README Source: baderj/domain_generation_algorithms
Stars
622
Open Issues
0
Last Commit
6 months ago
Repository
License
Open Source Agenda Badge
