From PDNS: A fix length of 40, hexadecimal notation, tlds:[com, net, org] #47

suqitian · 2018-06-26T08:34:22Z

A suspicious DGA cluster from PDNS
Domains on 2018-06-17

bb323d822f4797fc84845f12fb29bc96ee70e65b.com
bb323d822f4797fc84845f12fb29bc96ee70e65b.net
bb323d822f4797fc84845f12fb29bc96ee70e65b.org
k35e061fe90493acc9471b2b046454bc7c32d251.com
k35e061fe90493acc9471b2b046454bc7c32d251.net
k35e061fe90493acc9471b2b046454bc7c32d251.org

The text was updated successfully, but these errors were encountered:

suqitian · 2018-06-26T08:49:23Z

Found a suspicious sample from sandbox
MD5
c7b8f240f0a811438fa582f292183584
Domains generated on different dates, make me confused.

20170722        pokolenie62.ru
20170722        wpad.hbdaily.com
20170723        administradoresdefincas.org
20170723        bsmn.ru
20170723        c67ff55ce746bdbd008cd6e347685b94cd9242c9.com
20170723        c67ff55ce746bdbd008cd6e347685b94cd9242c9.net.hbdaily.com
20170723        c67ff55ce746bdbd008cd6e347685b94cd9242c9.net
20170723        c67ff55ce746bdbd008cd6e347685b94cd9242c9.org.hbdaily.com
20170723        c67ff55ce746bdbd008cd6e347685b94cd9242c9.org
20170723        capitalcitydents.com
20170723        copter66.hu
20170723        dryckguiden.se
20170723        gadgets77.ru
20170723        gondalcare.no
20170723        kalush-granit.info
20170723        kamilmingu.com
20170723        podaroklubimoy.ru
20170723        reraum.com
20170723        srv70.putdrive.com
20170723        thefitfactory.net
20170723        uamix.com.ua
20170723        www.baricittafutura.fm
20170723        www.dorothea-seeber.de
20170723        xomyk.ru
20170723        zipnasos.ru
20170724        bf1700a7d24dc0838b0d8bb94591542f67e78ba7.com
20170724        bf1700a7d24dc0838b0d8bb94591542f67e78ba7.net
20170724        bf1700a7d24dc0838b0d8bb94591542f67e78ba7.org
20170725        b6b579dc2162f307c3540427c8d4ef7aae857574.com
20170725        b6b579dc2162f307c3540427c8d4ef7aae857574.net
20170725        b6b579dc2162f307c3540427c8d4ef7aae857574.org
20170725        b970a0c5b39dc96c492b282e5df93d4d335b7260.com
20170725        b970a0c5b39dc96c492b282e5df93d4d335b7260.net
20170725        b970a0c5b39dc96c492b282e5df93d4d335b7260.org
20170730        bb37aeac86ac9cb598466fdd4400bc131e409b7a.net
20170730        bb37aeac86ac9cb598466fdd4400bc131e409b7a.org
20170730        ff2e66019b6cb79329b23df23d5c4fb2f1c50d7a.com
20170730        ff2e66019b6cb79329b23df23d5c4fb2f1c50d7a.net
20170730        ff2e66019b6cb79329b23df23d5c4fb2f1c50d7a.org
20170731        bb37aeac86ac9cb598466fdd4400bc131e409b7a.com
20170801        bb394c10b9b55f5b1ae602ce09af27316f400e71.com
20170801        bb394c10b9b55f5b1ae602ce09af27316f400e71.net
20170801        bb394c10b9b55f5b1ae602ce09af27316f400e71.org
20170802        www.steundestudio.be
20170805        b18fdc278c640b2da5e39904a8060819e276b0bd.com
20170805        b18fdc278c640b2da5e39904a8060819e276b0bd.net
20170806        bb02410adab7a233af2f8fad85593f67cf3e5416.com
20170806        bb02410adab7a233af2f8fad85593f67cf3e5416.net
20170806        bb02410adab7a233af2f8fad85593f67cf3e5416.org
20170807        airseatrans.com
20170807        akceptika.ru
20170807        capitan-club.com
20170807        ceipreyescatolicos.com
20170807        gesundheitsvorsorge-suhl.de
20170807        rufitrans.com
20170809        jf-wtm.de
20170815        b5bd485ca5866df65fc686aec70368f53bd4b802.com
20170815        b5bd485ca5866df65fc686aec70368f53bd4b802.net
20170815        b5bd485ca5866df65fc686aec70368f53bd4b802.org
20170815        beta.joshuaoverbye.com
20170815        prodam-biznes.by
20170818        www.esrevetlers.com
20170827        www.al-mal.com
20170829        ded80f01c530c0459ee43dba6b709194a92173cd.com
20170829        ded80f01c530c0459ee43dba6b709194a92173cd.net
20170829        ded80f01c530c0459ee43dba6b709194a92173cd.org
20170831        cardiomc.com.ua
20170831        ddl7.data.hu
20170831        dm-razd.greentown-development.ru
20170904        clearskydatasystems.com
20170904        clever-online.de
20170904        www.vinosbrewpub.com
20170907        babybwell.co.uk
20170907        buy.pilkingtonclassics.com
20170907        casalassirenas.com
20170907        cei-corp.com
20170907        cicekmakina.net
20170907        cirbox.co.th
20170907        claremedia.codafarm.com
20170907        ddl2.data.hu
20170907        esc24.ru
20170907        familleorth.com
20170907        gimnaz-25.ru
20170907        holliandtyler.com
20170907        jefevel.com
20170907        mebel-proxy.com.ua
20170907        nashgorod-nvkz.ru
20170907        printstarter.ru
20170907        proautomation.at
20170907        slavyanin.ru
20170907        strategiskprojektledelse.dk
20170907        tver-sas.ru
20170907        vgd.vg
20170907        vinosbrewpub.com
20170907        www.camerbwin.com
20170916        da967c74c858f3a10c36ea70ee628c20709d5a50.com
20170916        da967c74c858f3a10c36ea70ee628c20709d5a50.net
20170916        da967c74c858f3a10c36ea70ee628c20709d5a50.org
20170916        s81b4f037b244494ee2be2dfa24f32cf2d6163e4.com
20170916        s81b4f037b244494ee2be2dfa24f32cf2d6163e4.net
20170916        s81b4f037b244494ee2be2dfa24f32cf2d6163e4.org
20171030        akuweb.ru
20171030        xmr.crypto-pool.fr
20171201        atakan.com
20171202        ekinci.net
20171202        kitchencraftedmonton.com
20180115        albertojimenez.es
20180115        aluminaventanas.com
20180116        bed566621dddeea13a062396e2303f5dda1b7c34.com
20180116        comtechadsl.com
20180116        emprered.es

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

From PDNS: A fix length of 40, hexadecimal notation, tlds:[com, net, org] #47

From PDNS: A fix length of 40, hexadecimal notation, tlds:[com, net, org] #47

suqitian commented Jun 26, 2018

suqitian commented Jun 26, 2018

From PDNS: A fix length of 40, hexadecimal notation, tlds:[com, net, org] #47

From PDNS: A fix length of 40, hexadecimal notation, tlds:[com, net, org] #47

Comments

suqitian commented Jun 26, 2018

suqitian commented Jun 26, 2018