Some results of my DGA reversing efforts
Switch branches/tags
Nothing to show
Clone or download
Latest commit 0f0f6e5 Jul 25, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
banjori initial commit Aug 31, 2015
chinad chinad dga Jan 13, 2017
corebot DGA of Suppobox (two wordlists provided, there are at least two more) Oct 23, 2015
dircrypt initial commit Aug 31, 2015
dnschanger New DGA: DNSChanger/Alureon Jan 10, 2016
fobber DGA of Fobber (two versions) Sep 11, 2015
gozi merge Feb 6, 2017
kraken The two DGAs of Kraken alias Oderoor alias Bobax. Two seeds for each … Dec 22, 2015
locky Add locky seeds 7773, 7743 Jul 13, 2016
murofet new seed Sep 19, 2016
necurs new Shiotob seed Aug 30, 2017
newgoz initial commit Aug 31, 2015
nymaim Nymaim Sep 2, 2015
nymaim2 DGA of Nymaim v2 Apr 29, 2018
padcrypt PadCrypt v2.2.97.0, thx to Lawrence Abrams (@BleepinComputer) and Ma… Mar 6, 2016
pizd examples.txt Oct 13, 2015
proslikefan Added generalized version of the Proslikefan DGA. Jun 17, 2016
pykspa murofet Sep 3, 2015
qadars seeds should be ordered Aug 3, 2017
qakbot DGA of Qakbot Feb 24, 2016
ramdo Ramdo Sep 27, 2017
ramnit made Python3 compatible Jul 25, 2018
ranbyus new ranbyus seed Jul 14, 2016
shiotob new Shiotob seed Aug 30, 2017
simda initial commit Aug 31, 2015
sisron link to blog post Jun 2, 2016
suppobox example domains for the word list 3 Dec 17, 2015
symmi initial commit Aug 31, 2015
tempedreve time-dependent Tempedreve DGA May 9, 2017
tinba add more seeds to the Tinba DGA Aug 8, 2017
unknown_malware new DGA of unknown malware Sep 27, 2017
unnamed_downloader new DGA from unnamed downloader Sep 19, 2016
unnamed_javascript_dga Added generalized version of the Proslikefan DGA. Jun 17, 2016
vawtrak new vawtrak variants Jan 13, 2017
LICENSE Initial commit Aug 31, 2015
README.md DGA of Nymaim v2 Apr 29, 2018

README.md

Domain Generation Algorithms

Johannes Bacher's reversing efforts

Overview

Subfolder Malware Family Alias Write-Up
pizd ?? [link] (https://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/)
newgoz newGOZ Gameover Zeus, Peer-to-Peer Zeus link
ramnit Ramnit link
shiotob Shiotob Urlzone, Bebloh link
symmi Symmni link
banjori Banjori MultiBanker 2, BankPatch(er) link
necurs Necurs link
dircrypt DirCrypt link
pykspa/precursor Precursor of Pykspa link
pkyspa/improved Improved Pykspa link
simda Simda Shiz link
tinba Tinba TinyBanker, Zusy link
ranbyus/may Ranbyus Version 1 link
ranbyus/september Ranbyus Version 2 link
nymaim Nymaim
nymaim2 Nymaim v2 link
murofet/v1 Murofet Variant 1 LICAT link
murofet/v2 Murofet Variant 2 LICAT link
murofet/v3 Murofet Variant 3 LICAT link
fobber Fobber Tinba v3
corebot CoreBot link
suppobox SuppoBox link
unnamed_javascript_dga Unnamed link Obsolete, see Proslikefan
kraken/v1 Kraken Version 1 Bobax, Oderoor link
kraken/v2 Kraken Version 2 Bobax, Oderoor link
dnschanger DNSChanger Alureon link
qakbot Qakbot link
locky Locky link
padcrypt Padcrypt link
gozi Gozi Ursnif, Snifula, Papras link
qadars Qadars link
sisron Sisron TOMB, Win32/Agent.WRQ, Trojan.Scar link
proslikefan Proslikefan link
vawtrak Vawtrak link
unnamed_downloader Unnamed Downloader
chinad Chinad link
tempedreve Tempedreve link
unknown_malware ?