Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The DGA of Enviserv #53

Open
suqitian opened this issue Sep 3, 2019 · 1 comment
Open

The DGA of Enviserv #53

suqitian opened this issue Sep 3, 2019 · 1 comment

Comments

@suqitian
Copy link
Member

suqitian commented Sep 3, 2019

  • MD5
    4328048f82811146c0fd9e18faff7155

  • VT analysis

  • Domains generated on 2019/08/06
    fe28753777.com
    9dcd84b090.net
    02261e64b3.org
    20c97d8c3d.info
    5ae4d66001.biz
    e3bea872ae.in
    150d064880.com
    34636b0b94.net
    4e8414394d.org
    d84a6a7a28.info
    ...

  • The threat report from Microsoft.
@suqitian
Copy link
Member Author

suqitian commented Sep 3, 2019

  • Thanks to my colleague Jinye for helping reverse engineer binary file.

  • TLDs
    ['com', 'net', 'org', 'info', 'biz', 'in']

  • The number of domains
    500 in total

  • Test

$ python dga.py -n 500
fe28753777.com
9dcd84b090.net
02261e64b3.org
20c97d8c3d.info
5ae4d66001.biz
e3bea872ae.in
150d064880.com
34636b0b94.net
4e8414394d.org
d84a6a7a28.info
......

The output are well-matched to the domains generated by sample.
dga.py is here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@suqitian