The new Domain Generation Algorithm of Nymaim

The Nymaim malware first appeared in 2013. It is mainly used as a downloader for other malware such as ransomware, but it later also started manipulating search results for click fraud. Many great...

The DGA of Sisron

Sisron was part of a financial fraud and identity theft botnet. It was taken down by Microsoft in the anti-botnet operation B106. The malware uses a very simple domain generation algorithm (DGA) that...

The DGA of Qadars v3

In March, the following sample caught my attention because it relies on a Domain Generation Algorithm (DGA) to communicate with its C&C servers: md5 0dcbb31cbc5279293cb5ebf4cd9eff4e

The DGA of PadCrypt: Versions 2.2.86.0 and 2.2.97.1

EDIT 2016-03-06: I completely missed that Lawrence Abrams of BleepingComputer.com not only reversed the DGA of PadCrypt long before me, but also tweeted an updated version of the DGA. Many thanks to...
