Skip to content

kjyc1/domain_generation_algorithms

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Domain Generation Algorithms

Domain Generation Algorithms (DGAs) of Malware reimplemented in Python.

Overview

banjori (aka MultiBanker 2, BankPatch(er))

Links

Example Domains

  • earnestnessbiophysicalohax.com
  • kwtoestnessbiophysicalohax.com
  • rvcxestnessbiophysicalohax.com
  • hjbtestnessbiophysicalohax.com
  • txmoestnessbiophysicalohax.com
  • agekestnessbiophysicalohax.com
  • dbzwestnessbiophysicalohax.com
  • sgjxestnessbiophysicalohax.com
  • igjyestnessbiophysicalohax.com
  • zxahestnessbiophysicalohax.com
bazarbackdoor (aka BazarLoader Team9Backdoor))

Links

Example Domains

Real DGA:

  • adegjkaiggjm.bazar
  • eehhjmejjhjo.bazar
  • dehiildjjiin.bazar
  • ceeiklcjgikn.bazar
  • dceikkdhgikm.bazar
  • bfehjmbkghjo.bazar
  • adegjmaiggjo.bazar
  • dchiikdhjiim.bazar
  • efehikekghim.bazar
  • bdhhjkbijhjm.bazar

Buggy DGA: -_fdgimzkfgio.bazaar -e`bfkieedfkk.bazaar -efdgikekfgim.bazaar -]begimzgggio.bazaar -bbbfhlbgdfhn.bazaar -^ehikizjjikk.bazaar -aechimajehio.bazaar -]defiizigfik.bazaar -``geiizeieik.bazaar -degfjkdjifjm.bazaar

chinad

Links

Example Domains

  • 8f6bacmw30xxv6sc.cn
  • 486txu3yjly0xcmz.ru
  • xmi6x8zg9rkanmyo.info
  • spy1jhdbmvt2ueva.net
  • evybt5gtf2tprvbi.info
  • 7qbys97e3pcw262c.info
  • kz89iy97c7n7vbur.biz
  • zmkvvlsvkbffnuez.ru
  • tr1yy6lxtry1gsts.biz
  • mfq6uwq3p2hvc8zn.cn
corebot

Links

Example Domains

  • lkhylm0mhyfuhg.ddns.net
  • s63234wluv5v365bwp5.ddns.net
  • afe6mfy23xcxgfa.ddns.net
  • 7rsl1f34sfq0oj3jwvmfa6c.ddns.net
  • ir7l3po0gjy8ypqjm8o.ddns.net
  • 3lgrupwdivsfm2w4kng2iha.ddns.net
  • i8a0q2wdu8otulkfylo2gdq.ddns.net
  • kh1her76avy0qnelivijwd1.ddns.net
  • ubgp1f1han7lu410eh5.ddns.net
  • uliry8knadmpmdm4wti6oro.ddns.net
dircrypt

Links

Example Domains

  • rauggyguyp.com
  • llullzza.com
  • mluztamhnngwgh.com
  • mycojenxktsmozzthdv.com
  • inbxvqkegoyapgv.com
  • furiararji.com
  • zrkdvzjhse.com
  • wyuhdsdttczd.com
  • hpaxgpkteomjaxywwelr.com
  • mydojltbqjnwailyyoa.com
dnschanger (aka Alureon)

Links

Example Domains

  • aktklyvbiu.com
  • zgimjzlnrl.com
  • tcfejerekw.com
  • tfaunnjmxt.com
  • ydvlfpkguw.com
fobber (aka Tinba v3)

Example Domains

  • vhkintjtksyxgjrzz.net
  • btpnxlsfdqbhzazyx.net
  • ukfmknjdenthvktgc.net
  • qupxsrhrmuoinqrit.net
  • gjsbydmrpfzsmnfiu.net
  • indpstqbetcpcqprx.net
  • gwrdmhyjfcpcutmhp.net
  • bwnzcyypcbmnlpfsw.net
  • twkpwfuecvvzcincq.net
  • pdwfuxgnahmgsxhit.net
fosniw

Example Domains

  • app2.winsoft0.com
  • app2.winsoft1.com
  • app2.winsoft2.com
  • app2.winsoft3.com
  • app2.winsoft4.com
  • app2.winsoft5.com
  • app2.winsoft6.com
  • app2.winsoft7.com
  • app2.winsoft8.com
  • app2.winsoft9.com
gozi (aka Ursnif, Snifula, Papras)

Links

Example Domains

  • quodpresidentemaxsagit.com
  • pertantumfitusu.com
  • indulgentiarumlicet.com
  • moriblasphemianegocii.com
  • ptribueretnossetnonin.com
  • nonsicordinario.com
  • svivacpecunias.com
  • inestimabiler.com
  • ulpurgatoriopetrum.com
  • papacricognitisipro.com
kraken/v1 (aka Bobax, Oderoor)

Links

Example Domains

  • ibbwnhgh.mooo.com
  • rbqdxflojkj.mooo.com
  • smhburg.dyndns.org
  • bltjhzqp.dyndns.org
  • clwafrfuuxq.yi.org
  • cffxugijxn.yi.org
  • ivxcxbj.dynserv.com
  • etllejr.dynserv.com
  • otpxmk.mooo.com
  • ejfjyd.mooo.com
kraken/v2 (aka Bobax, Oderoor)

Links

Example Domains

  • xpdbwuimwag.com
  • nwpegpjtx.com
  • smmyuhxlt.net
  • xjvyvnzivvt.net
  • lvctmusxcyz.tv
  • lvctmusxcyz.tv
  • cjuszcfwo.cc
  • egbmbdey.cc
  • wjxaprgne.com
  • vxbuggxhrgi.com
locky

Links

Example Domains

  • gegjiimqmlgtdmk.tf
  • pccibcjncnhjn.yt
  • rddipikmrap.us
  • mmhmkqfc.be
  • vkcims.pm
  • qtysmobytagnrv.it
  • suhpqiumpjsv.ru
  • cscffbwbhs.uk
monerodownloader

Example Domains

  • 31b4bd31fg1x2.org
  • 31b4bd31fg1x2.tickets
  • 31b4bd31fg1x2.blackfriday
  • 31b4bd31fg1x2.hosting
  • 31b4bd31fg1x2.feedback
  • 3f8c8079fd4c5.org
  • 3f8c8079fd4c5.tickets
  • 3f8c8079fd4c5.blackfriday
  • 3f8c8079fd4c5.hosting
  • 3f8c8079fd4c5.feedback
murofet/v1 (aka LICAT)

Links

Example Domains

  • giywswshrgxcvoqgvrkthmfa.ru
  • xaiqpbprgymbvrwmzgiyprgdsk.com
  • amgqgularpzxeapztxenbx.net
  • pfscijbmthyfiyjgergugtkbqyh.org
  • xglfcmsgorvwfilhmzlcxxvkfege.info
  • rcteqwkequojntibvfyfaluwh.biz
  • mjfqylbiaunffuaeunzdqdwscu.ru
  • qobeylpxgpfknlptukyddqvklztg.com
  • rgwgizukficdgetwsxovtcknwkfm.info
  • betgyaeswxorwcvsdezdupbmb.org
murofet/v2 (aka LICAT)

Links

Example Domains

  • cmqvvxtppnibli.biz
  • cmqvvxtppnibli.com
  • rloqpoiongsuwyq.net
  • rloqpoiongsuwyq.org
  • zsophzovtfor.info
  • zsophzovtfor.biz
  • nlifthjnbgnfweq.org
  • nlifthjnbgnfweq.com
  • hykpttqsxsmvkoc.info
  • hykpttqsxsmvkoc.org
murofet/v3 (aka LICAT)

Links

Example Domains

  • nxlya47huo61czerb18o51e11d30i55gycwe31lx.ru
  • jwdzptm69p62izcve41f22k37oyj16g63fqote11.com
  • p42p52nvd50izkqazaqe21lvo21pycqotp22e61.net
  • b28n40i25b68gte41o61dwc19htc29jwgxiqfzbr.org
  • ktirhsn50kzc49b58cyf32fwh14h64dzgxiqcz.info
  • bre41hvc29kri15ewpwdsazjyn40p52kwe21gw.biz
  • n30mwhsoxfqe51j56lunsg13o11hyd60ewf52nu.ru
  • hvcsjxd20mzm29d40nznunta27c29kyi55fun50.com
  • nzosg13oymzg63ntpxaro51btkvfyoshrk27.info
  • czfsn20exg53nzcqcrg43exf62b28p22pyd50lu.org
mydoom (aka Novarg, Mimail.R, Shimgapi)

Example Domains

  • qehspqnmrn.info
  • mmahaesqar.in
  • pwprhhnqqn.in
  • mrspmramrn.in
  • arphansaqh.com
  • hrhspsrenn.net
  • aepaaemrmn.com
  • wsaehwmnms.in
  • arwrseqssh.com
  • ewamspqwha.ws
necurs

Links

Example Domains

  • nccojqvabqvkiwhj.mx
  • hoedwwwywnmmbi.ac
  • aeaeneaoinf.mu
  • ccecggc.us
  • mfffpmgtplxbyagbtegh.com
  • thlxuwnadtdtsm.biz
  • edkomqpeufjyafccj.in
  • mxomklaqau.pw
  • nvutiptwteltin.tv
  • nhysbiomr.ir
newgoz (aka Gameover Zeus, Peer-to-Peer Zeus)

Links

Example Domains

  • xzz3ug32bale1uo60y7xj6rge.com
  • 1hyzmw3l2phycet88hzr2do34.net
  • 2ppq821cfem5m1mdua46pxg7bj.biz
  • unlm9w9l8upy1kdde0kba7ktf.org
  • 1ixhw3p1ncr3cf1pjfrpz14n1u0e.com
  • 1o460ktpdhna1k0lk3ecwujxn.net
  • 183t0wjzlthe51wigptk4rl29.org
  • 1i3ux5a1hj6ndqejmxone45g0v.net
  • 5mcdp71mbutpb1tglu0s4p0lrf.com
  • n3i5yn19w82vmmpxv1k1l4xrjg.org
nymaim

Example Domains

  • oftbpec.com
  • lotmpwyk.info
  • seikpwq.info
  • bcfatyltdvp.info
  • rfwstgy.com
  • hokybhnf.biz
  • evlovrxuw.net
  • mtzpbzbfvy.info
  • hacckgiakhl.com
  • mosmeuw.net
nymaim2

Links

Example Domains

  • surfaces-drawing.com
  • shaft-criterion.cc
  • stops-hash.id
  • unitsknowledge.com
  • wiredgraph.tm
  • timelydesignation.co
  • stablelikely.ch
  • stainless-loan.lk
  • wagon-documents.sc
  • trainerprocessors.tk
padcrypt

Links

Example Domains

  • elkfcfnacacmofdf.com
  • mkmeeefncfnfdmbm.de
  • ffcdcnbmmnaeddcd.com
  • ddkfodnaadmbmofo.co.uk
  • efneboaodnmbecoa.co
  • bafomkfalcfcdkom.info
  • onlmcddadnacfclc.com
  • dcfmddfbobkmafma.com
  • lmmfdccmnnfnmfdl.co
  • kcknconmceeemlnm.com
pitou

Links

Example Domains

  • --------------+
  • koohoavab.net |
  • koohoavac.net |
  • koohoavad.net |
  • koohoavaf.net |
  • koohoavag.net |
  • koohoavah.net |
  • koohoavaj.net |
  • koohoavak.net |
  • koohoaval.net |
pizd

Links

Example Domains

  • difficultnearly.net
  • dollarnearly.net
  • difficultpossible.net
  • dollarpossible.net
  • eearlynation.net
  • escapenation.net
  • eearlypleasure.net
  • escapepleasure.net
  • eearlynearly.net
  • escapenearly.net
proslikefan

Links

Example Domains

  • flarvcpk.eu
  • stjneohiod.biz
  • vcevvkc.se
  • qylptiin.info
  • bsvisbttr.com
  • hjiknr.net
  • arpeiezki.org
  • gobqca.ru
  • tivqfahrmxdl.in
  • smutloo.name
pushdo

Example Domains

  • weafokuggeir.kz
  • sictemuborug.kz
  • cirpicficj.kz
  • geijanmap.kz
  • fuxhuxsabi.kz
  • siclisozdokq.kz
  • sozcoqnafrex.kz
  • qeobifups.kz
  • cokoqdeah.kz
  • latqafbuxwic.kz
pykspa/improved

Links

Example Domains

  • uammskmq.org
  • jqplflktas.info
  • rybwtr.net
  • uyznvxlof.info
  • gakcmqiw.com
  • wewsvat.net
  • owhadwkskevw.net
  • nkndlzhjgrpc.info
  • isypszqe.net
  • joebbaamoyt.info
pykspa/precursor

Links

Example Domains

  • llfwhgn.com
  • guqqkaiq.biz
  • wctymo.net
  • lovfjsfox.com
  • oruhbanansnan.cc
  • mkncjk.biz
  • yunonsuiwcymao.net
  • yxpojufqbex.com
  • qhxgzufqbex.cc
  • yywiywiq.biz
qadars

Links

Example Domains

  • jk9enwhansl2.org
  • sdqfodmf81m7.net
  • 5uro1uzspejk.net
  • ub4hinsduf0p.net
  • zs9ijo1er81u.com
  • 0t67c5arw9yf.net
  • lev41encha38.net
  • 67k1q3c1mr8x.org
  • 7w1yf49irk5m.net
  • gdunwhq7s9qb.org
qakbot

Links

Example Domains

  • bqkrtxgkmriwsiwcngtivpx.info
  • jdtmfupdyueqeldvhsjzdvzob.net
  • guhmpoxzivhba.com
  • nqqxqhuacaqhzurde.org
  • lgqsqgpqzijwid.info
  • ykolyecdcyk.biz
  • ztvflnxqzpxvpfobv.biz
  • zqrmkpivrbxccawozqwqpfzh.org
  • iqyqwhntrxfeq.org
  • ftadkbomxlnsib.info
qsnatch

Links

Example Domains

  • t2q2r.cf
  • gc9nz.tk
  • 07tvvc.com
  • 7ubqo.ml
  • 53bcm.de
  • 6zltf.rocks
  • hv7uv.mx
  • nypno.biz
  • qkzccy.net
  • rassb.cn
ramnit

Links

Example Domains

  • knpqxlxcwtlvgrdyhd.com
  • nvlyffua.com
  • hgyudheedieibxy.com
  • anrylixwcbnjopdd.com
  • vrndmdrdrjoff.com
  • jhghrlufoh.com
  • tqjhvylf.com
  • hufqifjq.com
  • itktxexjghvvxa.com
  • ppyblaohb.com
ranbyus/may

Links

Example Domains

  • ikwoqkwuajpbyx.com
  • niukpdrluwlfox.pw
  • rcnxisuibbadng.in
  • wbqtidjvsdiwee.me
  • jrdyumcieyipnv.cc
  • yvyfwikedfxitk.su
  • tviurcntxylxnj.tw
  • lycyrvfcemepfm.net
  • epddeukdimbpft.com
  • trbhxhmbsikoaq.pw
ranbyus/september

Links

Example Domains

  • jxbdxeyxttdmcjagi.me
  • iqmadgybfhnrssadm.cc
  • gdoldaognceaedkke.su
  • jnbnyrmxmpblfgstk.tw
  • ucjetnyaitygjidva.net
  • jejocqwtcbtuymvao.com
  • stuctjsqfxghcesyw.pw
  • gfidctymbxiaqyuyk.in
  • ojrqwrlhesfshawva.me
  • bqjqvwwjirftwkjel.cc
reconyc

This DGA has unpredictable seeding, i.e., it uses GetTickCount as the seed. I still list the DGA as it might be useful for testing or training DGA detection algorithms.

Example Domains

  • E5zHail0Mw.com
  • gabbvK2o6s.com
  • CumpP2A4d7.com
  • 5eswmwNQyF.com
  • lExfSzyuwP.com
  • JZpESGsPFF.com
  • UmIaRnijeT.com
  • sHr0xE9Idm.com
  • nYcEX7wlCF.com
  • VCiZNQXwpO.com
shiotob (aka Urlzone, Bebloh)

Links

Example Domains

  • wtipubctwiekhir.net
  • rwmu35avqo12tqc.com
  • rskb5bsfhm2fk5h.net
  • rbp9pprrxgflut9.com
  • zzxeyzgy45yy2a.net
  • e3oa4wglvd21xa.com
  • mqmq1hvmtxzjv.net
  • pd4o4wu24vimn.com
  • tlmrzvpbpsqsb.net
  • pbmnz59uzndpo.com
simda (aka Shiz)

Links

Example Domains

  • gatyfus.com
  • lyvyxor.com
  • vojyqem.com
  • qetyfuv.com
  • puvyxil.com
  • gahyqah.com
  • lyryfyd.com
  • vocyzit.com
  • qegyqaq.com
  • purydyv.com
sisron (aka TOMB, Win32/Agent.WRQ, Trojan.Scar)

Links

Example Domains

  • mdiwnjiwmtya.com
  • mdewnjiwmtya.com
  • mzewntiwmtya.com
  • mzawntiwmtya.com
  • mjkwntiwmtya.com
  • mjgwntiwmtya.com
  • mjcwntiwmtya.com
  • mjywntiwmtya.com
  • mjuwntiwmtya.com
  • mjqwntiwmtya.com
suppobox

Links

Example Domains

  • journey
  • destroy
  • against
  • night
  • within
  • effort
  • street
  • better
  • husband
  • little
symmi

Links

Example Domains

  • ogovugtuipawi.ddns.net
  • afowkaupbabe.ddns.net
  • ipkureleakm.ddns.net
  • hegiruqo.ddns.net
  • luimreim.ddns.net
  • tiakqukoahuvu.ddns.net
  • loelkuanduur.ddns.net
  • agdehukoev.ddns.net
  • giagkuekorla.ddns.net
  • leufiroqipomu.ddns.net
tempedreve

Links

Example Domains

  • dlbebsga.net
  • enqbgrmt.com
  • xjlwpfnk.info
  • ebabkjcx.org
  • hvisietg.net
  • svyjglen.com
  • glknxfgq.info
  • adoduloh.org
  • jgrxrxwh.net
  • ctmrgbmz.com
tinba (aka TinyBanker, Zusy)

Links

Example Domains

  • blackfreeqazyio.cc
  • nvfowikhevmy.com
  • nvfowikhevmy.net
  • nvfowikhevmy.in
  • nvfowikhevmy.ru
  • sjhuqlwrqhqx.com
  • sjhuqlwrqhqx.net
  • sjhuqlwrqhqx.in
  • sjhuqlwrqhqx.ru
  • pxqgonyogeee.com
unknown_malware

Example Domains

  • albdfhln.com
  • alcgkown.com
  • aldjpvqt.com
  • alemuown.com
  • alfpmrnq.org
  • algspvqt.org
  • alhvrytw.org
  • aliyuown.org
  • aljnwpyo.org
  • alkpmrnq.net
unnamed_downloader

Example Domains

  • ddknt.github.io
  • ddktn.github.io
  • ddnkt.github.io
  • ddntk.github.io
  • ddtkn.github.io
  • ddtnk.github.io
  • dkdnt.github.io
  • dkdtn.github.io
  • dkndt.github.io
  • dkntd.github.io
unnamed_javascript_dga

Links

Example Domains

  • rxxeqcoy.cc
  • kmymbyzd.co
  • cfukbzbmg.eu
  • sblwtafc.cc
  • lqdoacat.co
  • dplmjcjic.eu
  • ttukaiwjdx.cc
  • meimklqh.co
  • enmxqcxhtl.eu
  • unmias.cc
vawtrak

Links

Example Domains

  • usahwutle.com
  • folocnam.com
  • awumsah.com
  • edorwufli.com
  • misocgutlah.com
  • edarwotda.com
  • melarwetdic.com
  • usucnitdohg.com
  • regomseh.com
  • osicnumd.com
zloader

Links

Example Domains

  • gdurfdsywubjaaqcqhrh.com
  • vudktykcecigekhtwwqn.com
  • jcaofaekffeojktmpdax.com
  • iiphrhkculpnubvvxnbh.com
  • bjdbpgbjdyredhfyvpie.com
  • wramitvqeojecedajxoj.com
  • ohyjybhogoeoabjqvpie.com
  • fscqtelyeogmxudotlao.com
  • nsdtxvnwtxjwphbuqffe.com
  • bohchavtvhbejwcmekvo.com

About

Some results of my DGA reversing efforts

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 98.9%
  • C 1.1%