-
Notifications
You must be signed in to change notification settings - Fork 7
this is Crytolocket Malware Domain Generation Algorithm (DGA). Cryptolocker uses DGA to generate 1000 to 10000 unique domain names for its bots or C&C per day. This cmd line contains reverse engineered seed from GoZ and should be able to generate the same DGA results. This code is a part of my research on Cyber Threat Intelligence. GNU open sour…
azrilrahim/cryptolocker-dga
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
#-----------------------------------# # # # Copyright (C) 2016 Azril Rahim # # # # azrilazam@gmail.com # # # #-----------------------------------# INTRODUCTION ============= CRYPTODGA is Qt C/C++ implementation to generate CryptoLocker (CRYPTO) Malware possible Command Center (C2) domain name based on Domain Generated algorithm. The codes is taking the reversed engineer SEED value from its family codes The codes should produced significant possible results to immediate variants of CRYPTO family Malware. CRYPTODGA is generated against date input. CRYPTODGA generates about 10000 domain per day. Using cryptodga, a specific domains list can be produced on targeted date. REQUIREMENT ------------- TIG is a cross platform application that runs on MAC, WIN32/64, UNIX, OS2 and LINUX. It is a C/C++ application that is coded entirely on C++ Qt framework. For 64bit compatiblity, all compiliation for TIG requires the following minimum specifications library to be installed *Qt 5.4 (https://www.qt.io/download-open-source/) INSTALLATION ------------- Compilation ----------- 1. Please ensure all the dependencies libraries specified in the requirement sections are properly installed 2. Extract all the files in the desired working directory. e.g: /home/user/project/CRYPTODGA 3. The create a proper make file for compilation, you need to access to the qmake command that comes with Qt framework. qmake command must be issued inside the CRYPTODGA work directory. %> cd /home/user/project/CRYPTODGA %> /<qt install dir>/bin/qmake 4. After the qmake process is finish, you can called the make command to complete the compilation %> cd /home/user/project/CRYPTODGA %> make 5. After a successful compilation, a TIG file will be created. To invoke CRYPTODGA application: %> cd /home/user/project/CRYPTODGA %> ./cryptodga COMMAND LINE ARGUMENTS ---------------------- n=: number of domain to be generated (e.g 1000) f=: output filename if the result need to be write to a file d=: past, present or future date that DGA to be generated format: DD-MM-YYYY EXAMPLE ------------- 1. Display result on screen %> ./gozdga n=1000 d=12-04-2016 2. Save result on a file %> ./gozdga n=1000 d=12-04-2016 f=./result.txt OUTPUT ------- The output will be a single domain per line e.g gdgdhdddjkdgh.com jdyeeje7653dfg.net ... ... MAINTAINER ---------- * Azril Rahim <azrilazam@gmail.com>
About
this is Crytolocket Malware Domain Generation Algorithm (DGA). Cryptolocker uses DGA to generate 1000 to 10000 unique domain names for its bots or C&C per day. This cmd line contains reverse engineered seed from GoZ and should be able to generate the same DGA results. This code is a part of my research on Cyber Threat Intelligence. GNU open sour…
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published