
In [1]:
import random
import datetime
import hashlib

In [2]:
# Alphabet used for generated labels: lowercase ASCII letters, then digits.
# NOTE(review): the alphabet, TLD list and length range in this notebook are
# the author's own simplified choices; nothing here shows they were checked
# against real Dyre samples, so generated names should not be used as
# indicators of compromise or blocklist entries without validation.
chars = "abcdefghijklmnopqrstuvwxyz" + "0123456789"

# Top-level domains; one is appended to every generated label.
tlds = [
    ".com",
    ".net",
    ".org",
    ".biz",
    ".info",
]

In [3]:
def generate_domains(seed, num_domains):
    """Build ``num_domains`` pseudo-random domain names.

    Each name is a label of 12-20 characters drawn from ``chars`` followed by
    one entry of ``tlds``.

    Args:
        seed: Accepted for interface compatibility but never read here. All
            randomness comes from the module-level ``random`` generator, so
            the output is reproducible only if the caller seeded it first.
        num_domains: How many names to produce.

    Returns:
        A list of ``num_domains`` domain strings, in generation order.
    """
    def _one_domain():
        # Draw order (length, characters, TLD) fixes the resulting sequence
        # for a given RNG state; do not reorder these calls.
        length = random.randint(12, 20)
        label = "".join(random.choice(chars) for _ in range(length))
        return label + random.choice(tlds)

    return [_one_domain() for _ in range(num_domains)]

In [4]:
def dyre_dga(year, month, day):
    """Return the list of domains this model generates for one calendar date.

    The date is rendered without separators or zero padding, hashed with MD5,
    and the hex digest is used to seed the module-level ``random`` generator.
    Between 1000 and 5000 domains are then generated.

    Side effect: reseeds the global ``random`` state, so any later use of
    ``random`` in the same process becomes a deterministic function of the
    date. Do not rely on ``random`` for unpredictable values after calling
    this.

    NOTE(review): the unpadded date string is ambiguous. For example
    (2024, 1, 11) and (2024, 11, 1) both render as "2024111" and therefore
    yield the same domain list, so a match cannot always be attributed to a
    single date. Zero-padding or adding separators would remove the ambiguity
    but changes every generated list; confirm the intended format first.

    NOTE(review): the sequence depends on the ``random`` module's
    implementation, so output is presumably tied to the Python version in
    use; pin the interpreter if lists are compared across machines.
    """
    # MD5 is only a date-to-seed mapping here, not a security control.
    date_key = f"{year}{month}{day}"
    seed = hashlib.md5(date_key.encode()).hexdigest()
    random.seed(seed)

    # The domain count is the first draw after seeding, so it is also fixed
    # per date.
    return generate_domains(seed, random.randint(1000, 5000))

In [5]:
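def is_dyre_domain(domain, year, month, day):
    """Report whether ``domain`` is in the list generated for the given date.

    The observed name is normalised before comparison, because DNS names are
    case-insensitive and log sources often record them in mixed case, with
    surrounding whitespace, or as a fully qualified name with a trailing dot.
    Without normalisation such a record would not match the generated
    lowercase name and the detection would silently miss it.

    Args:
        domain: Observed domain name. Non-string or empty values return False.
        year, month, day: Calendar date whose domain list is checked.

    Returns:
        True if the normalised name is in that date's list, else False.

    Note:
        Only the exact registered name is compared; a subdomain of a generated
        name does not match. The call goes through ``dyre_dga``, which
        regenerates the whole list and reseeds the global ``random``
        generator; for bulk checks build the list once and reuse it.
    """
    if not isinstance(domain, str):
        return False

    candidate = domain.strip().lower()
    # Drop a single trailing root dot ("example.com." -> "example.com").
    if candidate.endswith("."):
        candidate = candidate[:-1]
    if not candidate:
        return False

    return candidate in set(dyre_dga(year, month, day))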

In [6]:
def generate_past_dga_domains(days=1):
    """Collect the generated domains for today and the preceding days.

    Args:
        days: Number of consecutive dates to cover, counting back from today
            (``days=1`` means today only).

    Returns:
        One flat list with each date's domains, newest date first.
        Duplicates across dates are not removed.

    NOTE(review): "today" is taken from the local clock via
    ``datetime.datetime.now()``, so the date boundary depends on the machine's
    time zone; confirm this matches the time zone of the logs being compared.
    """
    now = datetime.datetime.now()
    collected = []

    for offset in range(days):
        target = now - datetime.timedelta(days=offset)
        collected += dyre_dga(target.year, target.month, target.day)

    return collected

In [7]:
def main():
    """Demo run: check one generated and one benign domain, then list today's set.

    The "positive" sample is drawn from the same list it is checked against,
    so the first check always succeeds. It shows the lookup works, not that
    the model matches real traffic.
    """
    today = datetime.datetime.now()
    date_parts = (today.year, today.month, today.day)
    dyre_domains = dyre_dga(*date_parts)

    def _verdict(name):
        # Print the membership result for one name against today's list.
        if is_dyre_domain(name, *date_parts):
            print(f"{name} is a Dyre DGA domain")
        else:
            print(f"{name} is not a Dyre DGA domain")

    # Positive case: the RNG was just seeded by dyre_dga, so this pick is
    # deterministic for a given date.
    dyre_domain = random.choice(dyre_domains)
    print(f"Detecting Dyre DGA domain: {dyre_domain}")
    _verdict(dyre_domain)

    # Negative case: a well-known benign name.
    non_dyre_domain = "example.com"
    print(f"\nDetecting non-Dyre DGA domain: {non_dyre_domain}")
    _verdict(non_dyre_domain)

    # Dump the full list for the default window (1 day). This prints between
    # 1000 and 5000 lines.
    past_dga_domains = generate_past_dga_domains()
    print("\nDyre DGA domains for the past 1 days:")
    for name in past_dga_domains:
        print(name)

In [8]:
# Run the demo when executed as a script or notebook cell, but not on import.
# The output that follows lists every generated domain for the current date.
if __name__ == "__main__":
    main()

Detecting Dyre DGA domain: 73v2swqhwu1uaatb.biz
73v2swqhwu1uaatb.biz is a Dyre DGA domain

Detecting non-Dyre DGA domain: example.com
example.com is not a Dyre DGA domain

Dyre DGA domains for the past 1 days:
da5eddk0ox8fvklzr2ss.net
j4v329pwcxyvza2.info
ecyoo5qq6qrn94p9l5.info
7cyakphhuok4avxgg.biz
kgk13gnx1row8pt9.info
se1h1meor4l4wgz.biz
cb9gqzrr6a5c8lzx.com
kt2o884bgghmiav5a.org
rop9hrhyqqc1il5eyeln.biz
i4tfjchhba1f.info
jedhudcpr9km1eg7r6o.com
1pvl2i7z70632o.com
d5vzdeewo02be6fmzq.info
iohi5611h1dhm.biz
z96n4prggl81ndre.org
ankono0xthgmvy3s.biz
qx0m0ry1pvjs1.biz
dy9l2nd6xcnz.org
jtzfxo8j0zu2om8.com
4ibmf21ipdwgvs.net
zpfcmpbsb1qepeh.org
av3q5974nkflchbomg.biz
7zw64tctjdq1og.com
iuu3w2i0s46sdrk.biz
mbztag1nr7feq.biz
uzgrx67oxqn6e9rqb.info
gxew3n0lhdmm5tbz6se.info
6j5dh5xo47ijohj06p.com
5wjoqgqfs4zqk.org
is1dltva9knkzmg1.com
sus6dcp9eqea.org
u1swi69sgt2t8.biz
m0bppr1hsyh4mutp9rj.biz
ilh45e69lk3nr.biz
ew3w6iz9r8n3gblb.com
844nhelubwrowx.info
pifh9qpcvwkxao.biz
41apsjb4oym0yo.net
sva