Some results of my DGA reversing efforts
Domain Generation Algorithms (DGAs) of malware reimplemented in Python.
Real DGA:
Buggy DGA: -_fdgimzkfgio.bazaar -e`bfkieedfkk.bazaar -efdgikekfgim.bazaar -]begimzgggio.bazaar -bbbfhlbgdfhn.bazaar -^ehikizjjikk.bazaar -aechimajehio.bazaar -]defiizigfik.bazaar -``geiizeieik.bazaar -degfjkdjifjm.bazaar
Time-independent version in dga.py, time-dependent version in dga-td.py.
minihileth-subatudofy.org revodihudom.info enisobure-antidimadom-minikevuship.org semiridinution-postepudency.com prolefexity-disorisance.org nonebazish-disahibelen-misehurarage.name ilolupage-nonurisudize-minikazolike.net semicofaxiful-enixakor-subafapehen.info overedaxive-nonameraness.net prevomozary-microfemaly.info
This DGA has unpredictable seeding, i.e., it uses GetTickCount as the seed. I still list the DGA as it might be useful for testing or training DGA detection algorithms.