Analysing TA551/Shathak Malspam With Binary Refinery

November 1, 2021

This blog post shows how the open source framework “binary refinery™” can extract the download URL of complicated TA551 malspam emails.

A BazarLoader DGA that Breaks Down in the Summer

August 9, 2021

Domain generation algorithms are relatively straightforward to program and usually bug free. Not so the new DGA of BazarLoader, which goes haywire during the summer months.

Yet Another Bazar Loader DGA

January 23, 2021

Bazar Loader decided to change its perfectly fine domain generation algorithm (DGA) once again. The change in the algorithm is very minor, but it yields more domain names.

Next Version of the Bazar Loader DGA

December 16, 2020

This blog post shows yet another domain generation algorithm of Bazar Loader. Although it still uses exclusively the .bazar top level domain and similar seeding, the algorithm itself is completely new.
