New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Susp DGA from VT: A fix length of 7, a-z, tlds: [net] #3

Closed

suqitian opened this issue Aug 9, 2016 · 1 comment

Member

suqitian commented Aug 9, 2016 •

edited

Loading

MD5
c3c260899fa7caea5edc4cfe5ad57e9c
Hints from [VT]
bonylec.net
bopamum.net
bopegim.net
bopipyf.net
bopizyf.net
bopucef.net
bopybim.net
bovatat.net
bovozot.net
cibopet.net
cidicif.net
cidipif.net
cidozof.net
cihazom.net
ciherom.net
cihykam.net
cinaryt.net
cinazyt.net
direfes.net
direvys.net
disixub.net
disusyb.net
dixusow.net
But this DNS requests can not repeat in our Cuckoo Sandbox. Maybe I should run it in my Win7 VirtualBox.

Member Author

suqitian commented Oct 14, 2016

A new seed of simda.
Key: 167bdf6e5e05c53a8a52b9505876ed
TLD: net
SLD_len: 7
The number of domains: 1000

Test:

$  python dga.py 0x45ae94b2 1000 7 net 167bdf6e5e05c53a8a52b9505876ed | sort | less
bocipot.net
...
bonylec.net
bopamum.net
bopegim.net
bopipyf.net
bopizyf.net
bopucef.net
bopybim.net
bovatat.net
bovozot.net
...

And dga.py is here.

suqitian closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment