Domain Generation Algorithms

Domain Generation Algorithms (DGAs) of Malware reimplemented in Python.

Overview

<details><summary>banjori (aka MultiBanker 2, BankPatch(er))</summary>

Links

Example Domains

</details> <details><summary>bazarbackdoor (aka BazarLoader, Team9Backdoor)</summary>

Links

Example Domains

Real DGA:

Buggy DGA: -_fdgimzkfgio.bazaar -e`bfkieedfkk.bazaar -efdgikekfgim.bazaar -]begimzgggio.bazaar -bbbfhlbgdfhn.bazaar -^ehikizjjikk.bazaar -aechimajehio.bazaar -]defiizigfik.bazaar -``geiizeieik.bazaar -degfjkdjifjm.bazaar

</details> <details><summary>bumblebee</summary>

Example Domains

</details> <details><summary>chinad</summary>

Links

Example Domains

</details> <details><summary>corebot</summary>

Links

Example Domains

</details> <details><summary>darkcracks</summary>

Links

Example Domains

</details> <details><summary>dircrypt</summary>

Links

Example Domains

</details> <details><summary>dnschanger (aka Alureon)</summary>

Links

Example Domains

</details> <details><summary>fobber (aka Tinba v3)</summary>

Example Domains

</details> <details><summary>fosniw</summary>

Example Domains

</details> <details><summary>gozi (aka Ursnif, Snifula, Papras)</summary>

Links

Example Domains

</details> <details><summary>kraken/v1 (aka Bobax, Oderoor)</summary>

Links

Example Domains

</details> <details><summary>kraken/v2 (aka Bobax, Oderoor)</summary>

Links

Example Domains

</details> <details><summary>locky</summary>

Links

Example Domains

</details> <details><summary>m0yv</summary>

Links

Time-independent version in dga.py, time-dependent version in dga-td.py.

Example Domains

</details> <details><summary>monerodownloader</summary>

Example Domains

</details> <details><summary>murofet/v1 (aka LICAT)</summary>

Links

Example Domains

</details> <details><summary>murofet/v2 (aka LICAT)</summary>

Links

Example Domains

</details> <details><summary>murofet/v3 (aka LICAT)</summary>

Links

Example Domains

</details> <details><summary>mydoom (aka Novarg, Mimail.R, Shimgapi)</summary>

Example Domains

</details> <details><summary>necurs</summary>

Links

Example Domains

</details> <details><summary>newgoz (aka Gameover Zeus, Peer-to-Peer Zeus)</summary>

Links

Example Domains

</details> <details><summary>ngioweb</summary>

Links

Example Domains

minihileth-subatudofy.org revodihudom.info enisobure-antidimadom-minikevuship.org semiridinution-postepudency.com prolefexity-disorisance.org nonebazish-disahibelen-misehurarage.name ilolupage-nonurisudize-minikazolike.net semicofaxiful-enixakor-subafapehen.info overedaxive-nonameraness.net prevomozary-microfemaly.info

</details> <details><summary>nymaim</summary>

Example Domains

</details> <details><summary>nymaim2</summary>

Links

Example Domains

</details> <details><summary>padcrypt</summary>

Links

Example Domains

</details> <details><summary>pitou</summary>

Links

Example Domains

</details> <details><summary>pizd</summary>

Links

Example Domains

</details> <details><summary>proslikefan</summary>

Links

Example Domains

</details> <details><summary>pushdo</summary>

Example Domains

</details> <details><summary>pykspa/improved</summary>

Links

Example Domains

</details> <details><summary>pykspa/precursor</summary>

Links

Example Domains

</details> <details><summary>qadars</summary>

Links

Example Domains

</details> <details><summary>qakbot</summary>

Links

Example Domains

</details> <details><summary>qsnatch</summary>

Links

Example Domains

</details> <details><summary>ramnit</summary>

Links

Example Domains

</details> <details><summary>ranbyus/may</summary>

Links

Example Domains

</details> <details><summary>ranbyus/september</summary>

Links

Example Domains

</details> <details><summary>reconyc</summary>

This DGA has unpredictable seeding, i.e., it uses GetTickCount as the seed. I still list the DGA as it might be useful for testing or training DGA detection algorithms.

Example Domains

</details> <details><summary>sharkbot</summary>

Example Domains

</details> <details><summary>shiotob (aka Urlzone, Bebloh)</summary>

Links

Example Domains

</details> <details><summary>simda (aka Shiz)</summary>

Links

Example Domains

</details> <details><summary>sisron (aka TOMB, Win32/Agent.WRQ, Trojan.Scar)</summary>

Links

Example Domains

</details> <details><summary>suppobox</summary>

Links

Example Domains

</details> <details><summary>symmi</summary>

Links

Example Domains

</details> <details><summary>tempedreve</summary>

Links

Example Domains

</details> <details><summary>tinba (aka TinyBanker, Zusy)</summary>

Links

Example Domains

</details> <details><summary>tufik</summary>

Example Domains

</details> <details><summary>dmsniff</summary>

Example Domains

</details> <details><summary>unnamed_downloader</summary>

Example Domains

</details> <details><summary>unnamed_javascript_dga</summary>

Links

Example Domains

</details> <details><summary>vawtrak</summary>

Links

Example Domains

</details> <details><summary>xmrig_genesis (an XMRig malware using the Bitcoin genesis block as seed)</summary>

Example Domains

</details> <details><summary>zloader</summary>

Links

Example Domains

</details>