cover image for post The DGA of BumbleBee

The DGA of BumbleBee

September 15, 2023 This very short post shows the Domain Generation Algorithm of BumbleBee, a loader for Cobalt Strike or other malware.

link post 'The DGA of BumbleBee'
cover image for post Sinkholing the Domain Generation Algorithm of m0yv

Sinkholing the Domain Generation Algorithm of m0yv

March 31, 2023 Video that shows the DGA of the fileinfector m0yv and results of sinkholing domains for over a year.

Guest Post
for threatcat.ch
link post 'Sinkholing the Domain Generation Algorithm of m0yv'
cover image for post The Domain Generation Algorithm of Orchard v3

The Domain Generation Algorithm of Orchard v3 A DGA Seeded by the Bitcoin Genesis Block

July 24, 2022 The Orchard malware uses a domain generation algorithm (DGA) that is seeded both by the current date, and also by the current balance of the Bitcoin genesis block.

link post 'The Domain Generation Algorithm of Orchard v3'
cover image for post The Domain Generation Algorithms of SharkBot

The Domain Generation Algorithms of SharkBot

June 4, 2022 SharkBot uses a DGA for communication, which was changed several times during the development of SharkBot. This blogpost shows four versions of the DGA, and their differences.

link post 'The Domain Generation Algorithms of SharkBot'
see all blog posts