The DGA of QSnatch

November 12, 2019

QSnatch is malware that infects QNAP NAS devices. It collects and exfiltrates user credentials from vulnerable devices, and can also load malicious code from its command and control (C2) servers. These C2 servers are resolved by algorithmically generated domains.


The DGA of Pitou: Analyzing a Virtualized Algorithm

July 8, 2019

The domain generation algorithm (DGA) of Pitou runs in kernel mode and is protected by a virtual machine, which makes it the hardest DGA I have reverse-engineered so far.


The new Domain Generation Algorithm of Nymaim

April 29, 2018

The Nymaim malware first appeared in 2013. It is mainly used as a downloader for other malware such as ransomware, but it later also started manipulating search results for click fraud.


The DGA of Sisron

June 2, 2016

Sisron was part of a financial fraud and identity theft botnet. It was taken down by Microsoft in the anti-botnet operation B106. The malware uses a very simple domain generation algorithm (DGA) that produces sets of similar-looking domains.
