The DGA of Zloader

April 26, 2020

Zloader — also known as Terdot, DELoader or Zeus Sphinx — is a malware from May 2016 that has resurged in the last few weeks. This blog post shows how to reverse engineer the domain generation algorithm of Zloader.


The DGA of a Monero Miner Downloader

January 23, 2020

This blog post deals with a domain generation algorithm (DGA) that uses exotic top-level domains such as .tickets, .blackfriday or .feedback. Among others, Bert Hubert noticed the DGA domains and posted them on Twitter.


The DGA of QSnatch

November 12, 2019

QSnatch is a malware that infects QNAP NAS devices. It collects and exfiltrates user credentials from vulnerable devices, and can also load malicious code from its command and control (C2) servers. These C2 servers are resolved by algorithmically generated domains.


The DGA of Pitou: Analyzing a Virtualized Algorithm

July 8, 2019

The domain generation algorithm (DGA) of Pitou runs in kernel mode and is protected by a virtual machine, which makes it the hardest DGA I have reverse-engineered so far.
