
The DGA of Enviserv #53

Open
suqitian opened this issue Sep 3, 2019 · 1 comment

Comments

@suqitian (Member) commented Sep 3, 2019

  • MD5
    4328048f82811146c0fd9e18faff7155

  • VT analysis

  • Domains generated on 2019/08/06
    fe28753777.com
    9dcd84b090.net
    02261e64b3.org
    20c97d8c3d.info
    5ae4d66001.biz
    e3bea872ae.in
    150d064880.com
    34636b0b94.net
    4e8414394d.org
    d84a6a7a28.info
    ...

  • The threat report from Microsoft.

@suqitian (Member, Author) commented Sep 3, 2019

  • Thanks to my colleague Jinye for helping reverse engineer the binary file.

  • TLDs
    ['com', 'net', 'org', 'info', 'biz', 'in']

  • The number of domains
    500 in total

  • Test

$ python dga.py -n 500
fe28753777.com
9dcd84b090.net
02261e64b3.org
20c97d8c3d.info
5ae4d66001.biz
e3bea872ae.in
150d064880.com
34636b0b94.net
4e8414394d.org
d84a6a7a28.info
......

The output matches the domains generated by the sample.
dga.py is here.
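The issue does not reproduce the generation algorithm itself, but it does give enough to write a detection heuristic: the six TLDs listed above and the visible shape of the generated names (ten hex characters followed by one of those TLDs, cycling through the TLD list in order). The following is an added example for a defender's DNS-log triage, not code from this repository or from dga.py; the name format is an assumption inferred from the listed domains, the log line layout is constructed, and the sample domains are the ones quoted in the issue.

```python
import re
from typing import Iterable, List, Tuple

# TLD list as given in the comment above.
ENVISERV_TLDS = ("com", "net", "org", "info", "biz", "in")

# Name shape inferred (assumption) from the domains listed in the issue:
# exactly ten lowercase hex characters, a dot, then one of the six TLDs.
ENVISERV_DGA_RE = re.compile(
    r"^[0-9a-f]{10}\.(?:" + "|".join(ENVISERV_TLDS) + r")$"
)


def is_enviserv_dga_candidate(domain: str) -> bool:
    """Return True if a queried name matches the observed Enviserv DGA shape."""
    normalized = domain.strip().lower().rstrip(".")
    return ENVISERV_DGA_RE.match(normalized) is not None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Scan constructed 'timestamp client qname' lines; return (client, qname) hits."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed or empty line, skip it
        client, qname = parts[1], parts[2]
        if is_enviserv_dga_candidate(qname):
            hits.append((client, qname.strip().lower().rstrip(".")))
    return hits


def tlds_follow_rotation(qnames: List[str]) -> bool:
    """True if consecutive candidate names walk the TLD list in order.

    The issue's sample output cycles com, net, org, info, biz, in, com, ...;
    seeing that rotation from one client is a stronger signal than a single
    hex-looking name. Input must already be normalized candidates.
    """
    idx = [ENVISERV_TLDS.index(q.rsplit(".", 1)[1]) for q in qnames]
    return all((b - a) % len(ENVISERV_TLDS) == 1 for a, b in zip(idx, idx[1:]))


# Constructed sample log: three DGA lookups (names from the issue) and two benign names.
SAMPLE_LOG = """\
2019-08-06T10:00:01Z 10.0.0.5 fe28753777.com.
2019-08-06T10:00:01Z 10.0.0.5 www.example.com.
2019-08-06T10:00:02Z 10.0.0.5 9dcd84b090.net.
2019-08-06T10:00:03Z 10.0.0.7 update.example.org.
2019-08-06T10:00:04Z 10.0.0.5 02261e64b3.org.
""".splitlines()

if __name__ == "__main__":
    hits = scan_dns_log(SAMPLE_LOG)
    for client, qname in hits:
        print(f"possible Enviserv DGA lookup from {client}: {qname}")
    by_client = [q for c, q in hits if c == "10.0.0.5"]
    print("10.0.0.5 follows TLD rotation:", tlds_follow_rotation(by_client))
```

The single-name check will occasionally flag a legitimate ten-hex-character hostname, so it is best treated as a triage filter; grouping hits per client and checking the TLD rotation, as the second function does, cuts that noise before anyone pivots to the MD5 or the Microsoft report for confirmation.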
