From VT: A length of 9-14, a-z, tlds: [com], the second new seed of FakeAV. #17

Closed
suqitian opened this issue Sep 21, 2016 · 3 comments
suqitian commented Sep 21, 2016

  • MD5: 844b63a2db8e7df1de2cc934a420aec4
  • Domains: see the list of all domains below
  • It should be a time independent DGA

@suqitian

The list of all domains, 301 in total.

@suqitian

All the malware samples which have the same behaviours, 121 in total.

suqitian changed the title from "From VT: A length of 9-14, a-z, tlds: [com], a new seed of FakeAV." to "From VT: A length of 9-14, a-z, tlds: [com], the second new seed of FakeAV." on Sep 21, 2016

@suqitian

Not DGA.
Hardcoded domain in sample.
