Domain Generation Algorithms

Domain Generation Algorithms (DGAs) of Malware reimplemented in Python.

Overview

banjori (aka MultiBanker 2, BankPatch(er))

Links

Example Domains

  • earnestnessbiophysicalohax.com
  • kwtoestnessbiophysicalohax.com
  • rvcxestnessbiophysicalohax.com
  • hjbtestnessbiophysicalohax.com
  • txmoestnessbiophysicalohax.com
  • agekestnessbiophysicalohax.com
  • dbzwestnessbiophysicalohax.com
  • sgjxestnessbiophysicalohax.com
  • igjyestnessbiophysicalohax.com
  • zxahestnessbiophysicalohax.com
bazarbackdoor (aka BazarLoader Team9Backdoor)

Links

Example Domains

Real DGA:

  • adegjkaiggjm.bazar
  • eehhjmejjhjo.bazar
  • dehiildjjiin.bazar
  • ceeiklcjgikn.bazar
  • dceikkdhgikm.bazar
  • bfehjmbkghjo.bazar
  • adegjmaiggjo.bazar
  • dchiikdhjiim.bazar
  • efehikekghim.bazar
  • bdhhjkbijhjm.bazar

Buggy DGA:

  • _fdgimzkfgio.bazaar
  • e`bfkieedfkk.bazaar
  • efdgikekfgim.bazaar
  • ]begimzgggio.bazaar
  • bbbfhlbgdfhn.bazaar
  • ^ehikizjjikk.bazaar
  • aechimajehio.bazaar
  • ]defiizigfik.bazaar
  • ``geiizeieik.bazaar
  • degfjkdjifjm.bazaar

bumblebee

Example Domains

  • cmid1s1zeiu.life
  • itszko2ot5u.life
  • 3v1n35i5kwx.life
  • newdnq1xnl9.life
  • jkyj6awt1ao.life
  • ddrjv6y42b8.life
  • 1pnhp5o5za1.life
  • y13iqvlfjl5.life
  • xp0btfgegbo.life
chinad

Links

Example Domains

  • 8f6bacmw30xxv6sc.cn
  • 486txu3yjly0xcmz.ru
  • xmi6x8zg9rkanmyo.info
  • spy1jhdbmvt2ueva.net
  • evybt5gtf2tprvbi.info
  • 7qbys97e3pcw262c.info
  • kz89iy97c7n7vbur.biz
  • zmkvvlsvkbffnuez.ru
  • tr1yy6lxtry1gsts.biz
  • mfq6uwq3p2hvc8zn.cn
corebot

Links

Example Domains

  • lkhylm0mhyfuhg.ddns.net
  • s63234wluv5v365bwp5.ddns.net
  • afe6mfy23xcxgfa.ddns.net
  • 7rsl1f34sfq0oj3jwvmfa6c.ddns.net
  • ir7l3po0gjy8ypqjm8o.ddns.net
  • 3lgrupwdivsfm2w4kng2iha.ddns.net
  • i8a0q2wdu8otulkfylo2gdq.ddns.net
  • kh1her76avy0qnelivijwd1.ddns.net
  • ubgp1f1han7lu410eh5.ddns.net
  • uliry8knadmpmdm4wti6oro.ddns.net
darkcracks

Links

Example Domains

  • sTDFUgOAgjL.com
  • EVDFUgOAgjL.com
  • AVDFUgOAgjL.com
  • MVDFUgOAgjL.com
  • IVDFUgOAgjL.com
  • UVDFUgOAgjL.com
  • QVDFUgOAgjL.com
  • YTCFUgOAgjL.com
  • kTCFUgOAgjL.com
  • gTCFUgOAgjL.com
dircrypt

Links

Example Domains

  • rauggyguyp.com
  • llullzza.com
  • mluztamhnngwgh.com
  • mycojenxktsmozzthdv.com
  • inbxvqkegoyapgv.com
  • furiararji.com
  • zrkdvzjhse.com
  • wyuhdsdttczd.com
  • hpaxgpkteomjaxywwelr.com
  • mydojltbqjnwailyyoa.com
dnschanger (aka Alureon)

Links

Example Domains

  • aktklyvbiu.com
  • zgimjzlnrl.com
  • tcfejerekw.com
  • tfaunnjmxt.com
  • ydvlfpkguw.com
fobber (aka Tinba v3)

Example Domains

  • vhkintjtksyxgjrzz.net
  • btpnxlsfdqbhzazyx.net
  • ukfmknjdenthvktgc.net
  • qupxsrhrmuoinqrit.net
  • gjsbydmrpfzsmnfiu.net
  • indpstqbetcpcqprx.net
  • gwrdmhyjfcpcutmhp.net
  • bwnzcyypcbmnlpfsw.net
  • twkpwfuecvvzcincq.net
  • pdwfuxgnahmgsxhit.net
fosniw

Example Domains

  • app2.winsoft0.com
  • app2.winsoft1.com
  • app2.winsoft2.com
  • app2.winsoft3.com
  • app2.winsoft4.com
  • app2.winsoft5.com
  • app2.winsoft6.com
  • app2.winsoft7.com
  • app2.winsoft8.com
  • app2.winsoft9.com
gozi (aka Ursnif, Snifula, Papras)

Links

Example Domains

  • quodpresidentemaxsagit.com
  • pertantumfitusu.com
  • indulgentiarumlicet.com
  • moriblasphemianegocii.com
  • ptribueretnossetnonin.com
  • nonsicordinario.com
  • svivacpecunias.com
  • inestimabiler.com
  • ulpurgatoriopetrum.com
  • papacricognitisipro.com
kraken/v1 (aka Bobax, Oderoor)

Links

Example Domains

  • ibbwnhgh.mooo.com
  • rbqdxflojkj.mooo.com
  • smhburg.dyndns.org
  • bltjhzqp.dyndns.org
  • clwafrfuuxq.yi.org
  • cffxugijxn.yi.org
  • ivxcxbj.dynserv.com
  • etllejr.dynserv.com
  • otpxmk.mooo.com
  • ejfjyd.mooo.com
kraken/v2 (aka Bobax, Oderoor)

Links

Example Domains

  • xpdbwuimwag.com
  • nwpegpjtx.com
  • smmyuhxlt.net
  • xjvyvnzivvt.net
  • lvctmusxcyz.tv
  • lvctmusxcyz.tv
  • cjuszcfwo.cc
  • egbmbdey.cc
  • wjxaprgne.com
  • vxbuggxhrgi.com
locky

Links

Example Domains

  • gegjiimqmlgtdmk.tf
  • pccibcjncnhjn.yt
  • rddipikmrap.us
  • mmhmkqfc.be
  • vkcims.pm
  • qtysmobytagnrv.it
  • suhpqiumpjsv.ru
  • cscffbwbhs.uk
m0yv

Links

Time-independent version in dga.py, time-dependent version in dga-td.py.

Example Domains

  • pywolwnvd.biz
  • ssbzmoy.biz
  • cvgrf.biz
  • npukfztj.biz
  • przvgke.biz
  • zlenh.biz
  • knjghuig.biz
  • uhxqin.biz
  • anpmnmxo.biz
  • lpuegx.biz
monerodownloader

Example Domains

  • 31b4bd31fg1x2.org
  • 31b4bd31fg1x2.tickets
  • 31b4bd31fg1x2.blackfriday
  • 31b4bd31fg1x2.hosting
  • 31b4bd31fg1x2.feedback
  • 3f8c8079fd4c5.org
  • 3f8c8079fd4c5.tickets
  • 3f8c8079fd4c5.blackfriday
  • 3f8c8079fd4c5.hosting
  • 3f8c8079fd4c5.feedback
murofet/v1 (aka LICAT)

Links

Example Domains

  • giywswshrgxcvoqgvrkthmfa.ru
  • xaiqpbprgymbvrwmzgiyprgdsk.com
  • amgqgularpzxeapztxenbx.net
  • pfscijbmthyfiyjgergugtkbqyh.org
  • xglfcmsgorvwfilhmzlcxxvkfege.info
  • rcteqwkequojntibvfyfaluwh.biz
  • mjfqylbiaunffuaeunzdqdwscu.ru
  • qobeylpxgpfknlptukyddqvklztg.com
  • rgwgizukficdgetwsxovtcknwkfm.info
  • betgyaeswxorwcvsdezdupbmb.org
murofet/v2 (aka LICAT)

Links

Example Domains

  • cmqvvxtppnibli.biz
  • cmqvvxtppnibli.com
  • rloqpoiongsuwyq.net
  • rloqpoiongsuwyq.org
  • zsophzovtfor.info
  • zsophzovtfor.biz
  • nlifthjnbgnfweq.org
  • nlifthjnbgnfweq.com
  • hykpttqsxsmvkoc.info
  • hykpttqsxsmvkoc.org
murofet/v3 (aka LICAT)

Links

Example Domains

  • nxlya47huo61czerb18o51e11d30i55gycwe31lx.ru
  • jwdzptm69p62izcve41f22k37oyj16g63fqote11.com
  • p42p52nvd50izkqazaqe21lvo21pycqotp22e61.net
  • b28n40i25b68gte41o61dwc19htc29jwgxiqfzbr.org
  • ktirhsn50kzc49b58cyf32fwh14h64dzgxiqcz.info
  • bre41hvc29kri15ewpwdsazjyn40p52kwe21gw.biz
  • n30mwhsoxfqe51j56lunsg13o11hyd60ewf52nu.ru
  • hvcsjxd20mzm29d40nznunta27c29kyi55fun50.com
  • nzosg13oymzg63ntpxaro51btkvfyoshrk27.info
  • czfsn20exg53nzcqcrg43exf62b28p22pyd50lu.org
mydoom (aka Novarg, Mimail.R, Shimgapi)

Example Domains

  • qehspqnmrn.info
  • mmahaesqar.in
  • pwprhhnqqn.in
  • mrspmramrn.in
  • arphansaqh.com
  • hrhspsrenn.net
  • aepaaemrmn.com
  • wsaehwmnms.in
  • arwrseqssh.com
  • ewamspqwha.ws
necurs

Links

Example Domains

  • nccojqvabqvkiwhj.mx
  • hoedwwwywnmmbi.ac
  • aeaeneaoinf.mu
  • ccecggc.us
  • mfffpmgtplxbyagbtegh.com
  • thlxuwnadtdtsm.biz
  • edkomqpeufjyafccj.in
  • mxomklaqau.pw
  • nvutiptwteltin.tv
  • nhysbiomr.ir
newgoz (aka Gameover Zeus, Peer-to-Peer Zeus)

Links

Example Domains

  • xzz3ug32bale1uo60y7xj6rge.com
  • 1hyzmw3l2phycet88hzr2do34.net
  • 2ppq821cfem5m1mdua46pxg7bj.biz
  • unlm9w9l8upy1kdde0kba7ktf.org
  • 1ixhw3p1ncr3cf1pjfrpz14n1u0e.com
  • 1o460ktpdhna1k0lk3ecwujxn.net
  • 183t0wjzlthe51wigptk4rl29.org
  • 1i3ux5a1hj6ndqejmxone45g0v.net
  • 5mcdp71mbutpb1tglu0s4p0lrf.com
  • n3i5yn19w82vmmpxv1k1l4xrjg.org
ngioweb

Links

Example Domains

  • minihileth-subatudofy.org
  • revodihudom.info
  • enisobure-antidimadom-minikevuship.org
  • semiridinution-postepudency.com
  • prolefexity-disorisance.org
  • nonebazish-disahibelen-misehurarage.name
  • ilolupage-nonurisudize-minikazolike.net
  • semicofaxiful-enixakor-subafapehen.info
  • overedaxive-nonameraness.net
  • prevomozary-microfemaly.info

nymaim

Example Domains

  • oftbpec.com
  • lotmpwyk.info
  • seikpwq.info
  • bcfatyltdvp.info
  • rfwstgy.com
  • hokybhnf.biz
  • evlovrxuw.net
  • mtzpbzbfvy.info
  • hacckgiakhl.com
  • mosmeuw.net
nymaim2

Links

Example Domains

  • surfaces-drawing.com
  • shaft-criterion.cc
  • stops-hash.id
  • unitsknowledge.com
  • wiredgraph.tm
  • timelydesignation.co
  • stablelikely.ch
  • stainless-loan.lk
  • wagon-documents.sc
  • trainerprocessors.tk
padcrypt

Links

Example Domains

  • elkfcfnacacmofdf.com
  • mkmeeefncfnfdmbm.de
  • ffcdcnbmmnaeddcd.com
  • ddkfodnaadmbmofo.co.uk
  • efneboaodnmbecoa.co
  • bafomkfalcfcdkom.info
  • onlmcddadnacfclc.com
  • dcfmddfbobkmafma.com
  • lmmfdccmnnfnmfdl.co
  • kcknconmceeemlnm.com
pitou

Links

Example Domains

  • koohoavab.net
  • koohoavac.net
  • koohoavad.net
  • koohoavaf.net
  • koohoavag.net
  • koohoavah.net
  • koohoavaj.net
  • koohoavak.net
  • koohoaval.net
pizd

Links

Example Domains

  • difficultnearly.net
  • dollarnearly.net
  • difficultpossible.net
  • dollarpossible.net
  • eearlynation.net
  • escapenation.net
  • eearlypleasure.net
  • escapepleasure.net
  • eearlynearly.net
  • escapenearly.net
proslikefan

Links

Example Domains

  • flarvcpk.eu
  • stjneohiod.biz
  • vcevvkc.se
  • qylptiin.info
  • bsvisbttr.com
  • hjiknr.net
  • arpeiezki.org
  • gobqca.ru
  • tivqfahrmxdl.in
  • smutloo.name
pushdo

Example Domains

  • weafokuggeir.kz
  • sictemuborug.kz
  • cirpicficj.kz
  • geijanmap.kz
  • fuxhuxsabi.kz
  • siclisozdokq.kz
  • sozcoqnafrex.kz
  • qeobifups.kz
  • cokoqdeah.kz
  • latqafbuxwic.kz
pykspa/improved

Links

Example Domains

  • uammskmq.org
  • jqplflktas.info
  • rybwtr.net
  • uyznvxlof.info
  • gakcmqiw.com
  • wewsvat.net
  • owhadwkskevw.net
  • nkndlzhjgrpc.info
  • isypszqe.net
  • joebbaamoyt.info
pykspa/precursor

Links

Example Domains

  • llfwhgn.com
  • guqqkaiq.biz
  • wctymo.net
  • lovfjsfox.com
  • oruhbanansnan.cc
  • mkncjk.biz
  • yunonsuiwcymao.net
  • yxpojufqbex.com
  • qhxgzufqbex.cc
  • yywiywiq.biz
qadars

Links

Example Domains

  • jk9enwhansl2.org
  • sdqfodmf81m7.net
  • 5uro1uzspejk.net
  • ub4hinsduf0p.net
  • zs9ijo1er81u.com
  • 0t67c5arw9yf.net
  • lev41encha38.net
  • 67k1q3c1mr8x.org
  • 7w1yf49irk5m.net
  • gdunwhq7s9qb.org
qakbot

Links

Example Domains

  • bqkrtxgkmriwsiwcngtivpx.info
  • jdtmfupdyueqeldvhsjzdvzob.net
  • guhmpoxzivhba.com
  • nqqxqhuacaqhzurde.org
  • lgqsqgpqzijwid.info
  • ykolyecdcyk.biz
  • ztvflnxqzpxvpfobv.biz
  • zqrmkpivrbxccawozqwqpfzh.org
  • iqyqwhntrxfeq.org
  • ftadkbomxlnsib.info
qsnatch

Links

Example Domains

  • t2q2r.cf
  • gc9nz.tk
  • 07tvvc.com
  • 7ubqo.ml
  • 53bcm.de
  • 6zltf.rocks
  • hv7uv.mx
  • nypno.biz
  • qkzccy.net
  • rassb.cn
ramnit

Links

Example Domains

  • knpqxlxcwtlvgrdyhd.com
  • nvlyffua.com
  • hgyudheedieibxy.com
  • anrylixwcbnjopdd.com
  • vrndmdrdrjoff.com
  • jhghrlufoh.com
  • tqjhvylf.com
  • hufqifjq.com
  • itktxexjghvvxa.com
  • ppyblaohb.com
ranbyus/may

Links

Example Domains

  • ikwoqkwuajpbyx.com
  • niukpdrluwlfox.pw
  • rcnxisuibbadng.in
  • wbqtidjvsdiwee.me
  • jrdyumcieyipnv.cc
  • yvyfwikedfxitk.su
  • tviurcntxylxnj.tw
  • lycyrvfcemepfm.net
  • epddeukdimbpft.com
  • trbhxhmbsikoaq.pw
ranbyus/september

Links

Example Domains

  • jxbdxeyxttdmcjagi.me
  • iqmadgybfhnrssadm.cc
  • gdoldaognceaedkke.su
  • jnbnyrmxmpblfgstk.tw
  • ucjetnyaitygjidva.net
  • jejocqwtcbtuymvao.com
  • stuctjsqfxghcesyw.pw
  • gfidctymbxiaqyuyk.in
  • ojrqwrlhesfshawva.me
  • bqjqvwwjirftwkjel.cc
reconyc

This DGA has unpredictable seeding, i.e., it uses GetTickCount as the seed. I still list the DGA as it might be useful for testing or training DGA detection algorithms.

Example Domains

  • E5zHail0Mw.com
  • gabbvK2o6s.com
  • CumpP2A4d7.com
  • 5eswmwNQyF.com
  • lExfSzyuwP.com
  • JZpESGsPFF.com
  • UmIaRnijeT.com
  • sHr0xE9Idm.com
  • nYcEX7wlCF.com
  • VCiZNQXwpO.com
sharkbot

Example Domains

  • 64f30398ecda3bbf.xyz
  • f008fc473fddedc4.live
  • cfbadaf0cd7b0ac3.com
  • b8d28386413029fe.store
  • 99c485497c079a09.info
  • 6d54b683fc2cc58f.top
  • abb7547058fef9fb.net
shiotob (aka Urlzone, Bebloh)

Links

Example Domains

  • wtipubctwiekhir.net
  • rwmu35avqo12tqc.com
  • rskb5bsfhm2fk5h.net
  • rbp9pprrxgflut9.com
  • zzxeyzgy45yy2a.net
  • e3oa4wglvd21xa.com
  • mqmq1hvmtxzjv.net
  • pd4o4wu24vimn.com
  • tlmrzvpbpsqsb.net
  • pbmnz59uzndpo.com
simda (aka Shiz)

Links

Example Domains

  • gatyfus.com
  • lyvyxor.com
  • vojyqem.com
  • qetyfuv.com
  • puvyxil.com
  • gahyqah.com
  • lyryfyd.com
  • vocyzit.com
  • qegyqaq.com
  • purydyv.com
sisron (aka TOMB, Win32/Agent.WRQ, Trojan.Scar)

Links

Example Domains

  • mdiwnjiwmtya.com
  • mdewnjiwmtya.com
  • mzewntiwmtya.com
  • mzawntiwmtya.com
  • mjkwntiwmtya.com
  • mjgwntiwmtya.com
  • mjcwntiwmtya.com
  • mjywntiwmtya.com
  • mjuwntiwmtya.com
  • mjqwntiwmtya.com
suppobox

Links

Example Domains

  • journey
  • destroy
  • against
  • night
  • within
  • effort
  • street
  • better
  • husband
  • little
symmi

Links

Example Domains

  • ogovugtuipawi.ddns.net
  • afowkaupbabe.ddns.net
  • ipkureleakm.ddns.net
  • hegiruqo.ddns.net
  • luimreim.ddns.net
  • tiakqukoahuvu.ddns.net
  • loelkuanduur.ddns.net
  • agdehukoev.ddns.net
  • giagkuekorla.ddns.net
  • leufiroqipomu.ddns.net
tempedreve

Links

Example Domains

  • dlbebsga.net
  • enqbgrmt.com
  • xjlwpfnk.info
  • ebabkjcx.org
  • hvisietg.net
  • svyjglen.com
  • glknxfgq.info
  • adoduloh.org
  • jgrxrxwh.net
  • ctmrgbmz.com
tinba (aka TinyBanker, Zusy)

Links

Example Domains

  • blackfreeqazyio.cc
  • nvfowikhevmy.com
  • nvfowikhevmy.net
  • nvfowikhevmy.in
  • nvfowikhevmy.ru
  • sjhuqlwrqhqx.com
  • sjhuqlwrqhqx.net
  • sjhuqlwrqhqx.in
  • sjhuqlwrqhqx.ru
  • pxqgonyogeee.com
tufik

Example Domains

  • dbqwpmpnruesywj.com
  • qxxmubfleztlnkx.com
  • rrnywowqgmjvnltg.com
  • rqnjdvzpsmbuw.com
  • utoiopxjrphvoiy.org
  • ttoouemmimnxnmj.com
  • nmjsoourllgveecj.org
  • juprvzxqotonvvs.biz
  • nmjsoourllgveecj.biz
  • dotqwjmhqlushjlo.biz
dmsniff

Example Domains

  • albdfhln.com
  • alcgkown.com
  • aldjpvqt.com
  • alemuown.com
  • alfpmrnq.org
  • algspvqt.org
  • alhvrytw.org
  • aliyuown.org
  • aljnwpyo.org
  • alkpmrnq.net
unnamed_downloader

Example Domains

  • ddknt.github.io
  • ddktn.github.io
  • ddnkt.github.io
  • ddntk.github.io
  • ddtkn.github.io
  • ddtnk.github.io
  • dkdnt.github.io
  • dkdtn.github.io
  • dkndt.github.io
  • dkntd.github.io
unnamed_javascript_dga

Links

Example Domains

  • rxxeqcoy.cc
  • kmymbyzd.co
  • cfukbzbmg.eu
  • sblwtafc.cc
  • lqdoacat.co
  • dplmjcjic.eu
  • ttukaiwjdx.cc
  • meimklqh.co
  • enmxqcxhtl.eu
  • unmias.cc
vawtrak

Links

Example Domains

  • usahwutle.com
  • folocnam.com
  • awumsah.com
  • edorwufli.com
  • misocgutlah.com
  • edarwotda.com
  • melarwetdic.com
  • usucnitdohg.com
  • regomseh.com
  • osicnumd.com
xmrig_genesis (an XMRig malware using the Bitcoin genesis block as seed)

Example Domains

  • 1d78e50d.com
  • 1d78e50d.net
  • 1d78e50d.org
  • 1d78e50d.duckdns.org
  • 2b04216f.com
  • 2b04216f.net
  • 2b04216f.org
  • 2b04216f.duckdns.org
  • 2e1d985c.com
  • 2e1d985c.net
zloader

Links

Example Domains

  • gdurfdsywubjaaqcqhrh.com
  • vudktykcecigekhtwwqn.com
  • jcaofaekffeojktmpdax.com
  • iiphrhkculpnubvvxnbh.com
  • bjdbpgbjdyredhfyvpie.com
  • wramitvqeojecedajxoj.com
  • ohyjybhogoeoabjqvpie.com
  • fscqtelyeogmxudotlao.com
  • nsdtxvnwtxjwphbuqffe.com
  • bohchavtvhbejwcmekvo.com