The DGA of BumbleBee
September 15, 2023 This very short post shows the Domain Generation Algorithm of BumbleBee, a loader for Cobalt Strike or other malware.
March 31, 2023 Video that shows the DGA of the file infector m0yv and results of sinkholing domains for over a year.
July 24, 2022 The Orchard malware uses a domain generation algorithm (DGA) that is seeded by both the current date and the current balance of the Bitcoin genesis block.
June 4, 2022 SharkBot uses a DGA for communication, which was changed several times during the development of SharkBot. This blog post shows four versions of the DGA and their differences.
Rösti provides Repackaged Öpen Source Threat Intelligence gathered from public reports. The Indicators of Compromise (IOCs) are available in various formats, including MISP, STIX and ECS.
GitHub repository featuring Python reimplementations of Domain Generation Algorithms (DGAs) that I reverse-engineered.