The Defective Domain Generation Algorithm of BazarLoader

July 15, 2020
This blog post is about the faulty domain generation algorithm found in some BazarLoader samples. The DGA not only uses an invalid TLD, it also occasionally generates invalid characters for the second-level domain.


The Domain Generation Algorithm of BazarLoader
A DGA based on the Emercoin TLD .bazar

July 11, 2020
BazarBackdoor is a module of the dreaded TrickBot Trojan. It is mostly used to gain a foothold in compromised enterprise networks.


The DGA of Zloader

April 26, 2020
Zloader — also known as Terdot, DELoader or Zeus Sphinx — is a malware from May 2016 that has resurged in the last few weeks. This blog post shows how to reverse engineer the domain generation algorithm of Zloader.


The DGA of a Monero Miner Downloader

January 23, 2020
This blog post deals with a domain generation algorithm (DGA) with exotic top-level domains like .tickets, .blackfriday or .feedback. Among others, Bert Hubert noticed the DGA domains and posted them on Twitter:
