baderj/domain_generation_algorithms
GitHub: baderj/domain_generation_algorithms
使用 Python 重新实现数十种已知恶意软件家族的域名生成算法,为安全研究提供可执行的逆向分析参考。
Stars: 690 | Forks: 165
# 域名生成算法
使用 Python 重新实现的恶意软件域名生成算法(Domain Generation Algorithms, DGA)。
## 概述
>murofet/v2(又名 LICAT)
### 链接
- [https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/](https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/)
### 示例域名
- cmqvvxtppnibli.biz
- cmqvvxtppnibli.com
- rloqpoiongsuwyq.net
- rloqpoiongsuwyq.org
- zsophzovtfor.info
- zsophzovtfor.biz
- nlifthjnbgnfweq.org
- nlifthjnbgnfweq.com
- hykpttqsxsmvkoc.info
- hykpttqsxsmvkoc.org
banjori(又名 MultiBanker 2, BankPatch(er))
### 链接 - [http://johannesbader.ch/2015/02/the-dga-of-banjori/](http://johannesbader.ch/2015/02/the-dga-of-banjori/) ### 示例域名 - earnestnessbiophysicalohax.com - kwtoestnessbiophysicalohax.com - rvcxestnessbiophysicalohax.com - hjbtestnessbiophysicalohax.com - txmoestnessbiophysicalohax.com - agekestnessbiophysicalohax.com - dbzwestnessbiophysicalohax.com - sgjxestnessbiophysicalohax.com - igjyestnessbiophysicalohax.com - zxahestnessbiophysicalohax.combazarbackdoor(又名 BazarLoader Team9Backdoor))
### 链接 - [https://johannesbader.ch/blog/the-dga-of-bazarbackdoor/](https://johannesbader.ch/blog/the-dga-of-bazarbackdoor/) - [https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/](https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/) - [https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/](https://johannesbader.ch/blog/yet-another-bazarloader-dga/) ### 示例域名 真实的 DGA: - adegjkaiggjm.bazar - eehhjmejjhjo.bazar - dehiildjjiin.bazar - ceeiklcjgikn.bazar - dceikkdhgikm.bazar - bfehjmbkghjo.bazar - adegjmaiggjo.bazar - dchiikdhjiim.bazar - efehikekghim.bazar - bdhhjkbijhjm.bazar 有缺陷的 DGA: -\_fdgimzkfgio.bazaar -e\`bfkieedfkk.bazaar -efdgikekfgim.bazaar -\]begimzgggio.bazaar -bbbfhlbgdfhn.bazaar -\^ehikizjjikk.bazaar -aechimajehio.bazaar -\]defiizigfik.bazaar -\`\`geiizeieik.bazaar -degfjkdjifjm.bazaarbumblebee
### 示例域名 - cmid1s1zeiu.life - itszko2ot5u.life - 3v1n35i5kwx.life - newdnq1xnl9.life - jkyj6awt1ao.life - ddrjv6y42b8.life - 1pnhp5o5za1.life - y13iqvlfjl5.life - xp0btfgegbo.lifechinad
### 链接 - [https://github.com/360netlab/DGA/issues/1](https://github.com/360netlab/DGA/issues/1) ### 示例域名 - 8f6bacmw30xxv6sc.cn - 486txu3yjly0xcmz.ru - xmi6x8zg9rkanmyo.info - spy1jhdbmvt2ueva.net - evybt5gtf2tprvbi.info - 7qbys97e3pcw262c.info - kz89iy97c7n7vbur.biz - zmkvvlsvkbffnuez.ru - tr1yy6lxtry1gsts.biz - mfq6uwq3p2hvc8zn.cncorebot
### 链接 - [https://johannesbader.ch/2015/09/the-dga-of-corebot/](https://johannesbader.ch/2015/09/the-dga-of-corebot/) ### 示例域名 - lkhylm0mhyfuhg.ddns.net - s63234wluv5v365bwp5.ddns.net - afe6mfy23xcxgfa.ddns.net - 7rsl1f34sfq0oj3jwvmfa6c.ddns.net - ir7l3po0gjy8ypqjm8o.ddns.net - 3lgrupwdivsfm2w4kng2iha.ddns.net - i8a0q2wdu8otulkfylo2gdq.ddns.net - kh1her76avy0qnelivijwd1.ddns.net - ubgp1f1han7lu410eh5.ddns.net - uliry8knadmpmdm4wti6oro.ddns.netdarkcracks
### 链接 - [https://blog.xlab.qianxin.com/uncovering_darkcracks_payload_delivery_framework_cn/#part2-runner%E5%88%86%E6%9E%90](https://blog.xlab.qianxin.com/uncovering_darkcracks_payload_delivery_framework_cn/#part2-runner%E5%88%86%E6%9E%90) ### 示例域名 - sTDFUgOAgjL.com - EVDFUgOAgjL.com - AVDFUgOAgjL.com - MVDFUgOAgjL.com - IVDFUgOAgjL.com - UVDFUgOAgjL.com - QVDFUgOAgjL.com - YTCFUgOAgjL.com - kTCFUgOAgjL.com - gTCFUgOAgjL.comdircrypt
### 链接 - [http://johannesbader.ch/2015/03/the-dga-of-dircrypt/](http://johannesbader.ch/2015/03/the-dga-of-dircrypt/) ### 示例域名 - rauggyguyp.com - llullzza.com - mluztamhnngwgh.com - mycojenxktsmozzthdv.com - inbxvqkegoyapgv.com - furiararji.com - zrkdvzjhse.com - wyuhdsdttczd.com - hpaxgpkteomjaxywwelr.com - mydojltbqjnwailyyoa.comdnschanger(又名 Alureon)
### 链接 - [https://johannesbader.ch/2016/01/the-dga-in-alureon-dnschanger/](https://johannesbader.ch/2016/01/the-dga-in-alureon-dnschanger/) ### 示例域名 - aktklyvbiu.com - zgimjzlnrl.com - tcfejerekw.com - tfaunnjmxt.com - ydvlfpkguw.comfobber(又名 Tinba v3)
### 示例域名 - vhkintjtksyxgjrzz.net - btpnxlsfdqbhzazyx.net - ukfmknjdenthvktgc.net - qupxsrhrmuoinqrit.net - gjsbydmrpfzsmnfiu.net - indpstqbetcpcqprx.net - gwrdmhyjfcpcutmhp.net - bwnzcyypcbmnlpfsw.net - twkpwfuecvvzcincq.net - pdwfuxgnahmgsxhit.netfosniw
### 示例域名 - app2.winsoft0.com - app2.winsoft1.com - app2.winsoft2.com - app2.winsoft3.com - app2.winsoft4.com - app2.winsoft5.com - app2.winsoft6.com - app2.winsoft7.com - app2.winsoft8.com - app2.winsoft9.comgozi(又名 Ursnif, Snifula, Papras)
### 链接 - [http://www.govcert.admin.ch/blog/18/gozi-isfb-when-a-bug-really-is-a-feature](http://www.govcert.admin.ch/blog/18/gozi-isfb-when-a-bug-really-is-a-feature) ### 示例域名 - quodpresidentemaxsagit.com - pertantumfitusu.com - indulgentiarumlicet.com - moriblasphemianegocii.com - ptribueretnossetnonin.com - nonsicordinario.com - svivacpecunias.com - inestimabiler.com - ulpurgatoriopetrum.com - papacricognitisipro.comkraken/v1(又名 Bobax, Oderoor)
### 链接 - [https://johannesbader.ch/2015/12/krakens-two-domain-generation-algorithms/](https://johannesbader.ch/2015/12/krakens-two-domain-generation-algorithms/) ### 示例域名 - ibbwnhgh.mooo.com - rbqdxflojkj.mooo.com - smhburg.dyndns.org - bltjhzqp.dyndns.org - clwafrfuuxq.yi.org - cffxugijxn.yi.org - ivxcxbj.dynserv.com - etllejr.dynserv.com - otpxmk.mooo.com - ejfjyd.mooo.comkraken/v2(又名 Bobax, Oderoor)
### 链接 - [https://johannesbader.ch/2015/12/krakens-two-domain-generation-algorithms/](https://johannesbader.ch/2015/12/krakens-two-domain-generation-algorithms/) ### 示例域名 - xpdbwuimwag.com - nwpegpjtx.com - smmyuhxlt.net - xjvyvnzivvt.net - lvctmusxcyz.tv - lvctmusxcyz.tv - cjuszcfwo.cc - egbmbdey.cc - wjxaprgne.com - vxbuggxhrgi.comlocky
### 链接 - [https://blogs.forcepoint.com/security-labs/lockys-new-dga-seeding-new-domains](https://blogs.forcepoint.com/security-labs/lockys-new-dga-seeding-new-domains) ### 示例域名 - gegjiimqmlgtdmk.tf - pccibcjncnhjn.yt - rddipikmrap.us - mmhmkqfc.be - vkcims.pm - qtysmobytagnrv.it - suhpqiumpjsv.ru - cscffbwbhs.ukm0yv
### 链接 - [https://malpedia.caad.fkie.fraunhofer.de/details/win.m0yv](https://malpedia.caad.fkie.fraunhofer.de/details/win.m0yv) - [YouTube 视频“接管 m0yv 的域名生成算法”](https://youtu.be/3RYbkORtFnk) 与时间无关的版本在 `dga.py` 中,与时间相关的版本在 `dga-td.py` 中。 ### 示例域名 - pywolwnvd.biz - ssbzmoy.biz - cvgrf.biz - npukfztj.biz - przvgke.biz - zlenh.biz - knjghuig.biz - uhxqin.biz - anpmnmxo.biz - lpuegx.bizmonerodownloader
### 示例域名 - 31b4bd31fg1x2.org - 31b4bd31fg1x2.tickets - 31b4bd31fg1x2.blackfriday - 31b4bd31fg1x2.hosting - 31b4bd31fg1x2.feedback - 3f8c8079fd4c5.org - 3f8c8079fd4c5.tickets - 3f8c8079fd4c5.blackfriday - 3f8c8079fd4c5.hosting - 3f8c8079fd4c5.feedbackmurofet/v1(又名 LICAT)
### 链接 - [https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/](https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/) ### 示例域名 - giywswshrgxcvoqgvrkthmfa.ru - xaiqpbprgymbvrwmzgiyprgdsk.com - amgqgularpzxeapztxenbx.net - pfscijbmthyfiyjgergugtkbqyh.org - xglfcmsgorvwfilhmzlcxxvkfege.info - rcteqwkequojntibvfyfaluwh.biz - mjfqylbiaunffuaeunzdqdwscu.ru - qobeylpxgpfknlptukyddqvklztg.com - rgwgizukficdgetwsxovtcknwkfm.info - betgyaeswxorwcvsdezdupbmb.orgmurofet/v3(又名 LICAT)
### 链接 - [https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/](https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/) ### 示例域名 - nxlya47huo61czerb18o51e11d30i55gycwe31lx.ru - jwdzptm69p62izcve41f22k37oyj16g63fqote11.com - p42p52nvd50izkqazaqe21lvo21pycqotp22e61.net - b28n40i25b68gte41o61dwc19htc29jwgxiqfzbr.org - ktirhsn50kzc49b58cyf32fwh14h64dzgxiqcz.info - bre41hvc29kri15ewpwdsazjyn40p52kwe21gw.biz - n30mwhsoxfqe51j56lunsg13o11hyd60ewf52nu.ru - hvcsjxd20mzm29d40nznunta27c29kyi55fun50.com - nzosg13oymzg63ntpxaro51btkvfyoshrk27.info - czfsn20exg53nzcqcrg43exf62b28p22pyd50lu.orgmydoom(又名 Novarg, Mimail.R, Shimgapi)
### 示例域名 - qehspqnmrn.info - mmahaesqar.in - pwprhhnqqn.in - mrspmramrn.in - arphansaqh.com - hrhspsrenn.net - aepaaemrmn.com - wsaehwmnms.in - arwrseqssh.com - ewamspqwha.wsnecurs
### 链接 - [http://johannesbader.ch/2015/02/the-dgas-of-necurs/](http://johannesbader.ch/2015/02/the-dgas-of-necurs/) ### 示例域名 - nccojqvabqvkiwhj.mx - hoedwwwywnmmbi.ac - aeaeneaoinf.mu - ccecggc.us - mfffpmgtplxbyagbtegh.com - thlxuwnadtdtsm.biz - edkomqpeufjyafccj.in - mxomklaqau.pw - nvutiptwteltin.tv - nhysbiomr.irnewgoz(又名 Gameover Zeus, Peer-to-Peer Zeus)
### 链接 - [https://johannesbader.ch/2014/12/the-dga-of-newgoz/](https://johannesbader.ch/2014/12/the-dga-of-newgoz/) ### 示例域名 - xzz3ug32bale1uo60y7xj6rge.com - 1hyzmw3l2phycet88hzr2do34.net - 2ppq821cfem5m1mdua46pxg7bj.biz - unlm9w9l8upy1kdde0kba7ktf.org - 1ixhw3p1ncr3cf1pjfrpz14n1u0e.com - 1o460ktpdhna1k0lk3ecwujxn.net - 183t0wjzlthe51wigptk4rl29.org - 1i3ux5a1hj6ndqejmxone45g0v.net - 5mcdp71mbutpb1tglu0s4p0lrf.com - n3i5yn19w82vmmpxv1k1l4xrjg.orgngioweb
### 链接 - [Netlab - Linux.Ngioweb 僵尸网络分析](https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet-en/) - [Netlab - Linux.Ngioweb 僵尸网络快速更新,现在它正针对 IoT 设备](https://blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en/) ### 示例域名 minihileth-subatudofy.org revodihudom.info enisobure-antidimadom-minikevuship.org semiridinution-postepudency.com prolefexity-disorisance.org nonebazish-disahibelen-misehurarage.name ilolupage-nonurisudize-minikazolike.net semicofaxiful-enixakor-subafapehen.info overedaxive-nonameraness.net prevomozary-microfemaly.infonymaim
### 示例域名 - oftbpec.com - lotmpwyk.info - seikpwq.info - bcfatyltdvp.info - rfwstgy.com - hokybhnf.biz - evlovrxuw.net - mtzpbzbfvy.info - hacckgiakhl.com - mosmeuw.netnymaim2
### 链接 - [https://johannesbader.ch/2018/04/the-new-domain-generation-algorithm-of-nymaim/](https://johannesbader.ch/2018/04/the-new-domain-generation-algorithm-of-nymaim/) ### 示例域名 - surfaces-drawing.com - shaft-criterion.cc - stops-hash.id - unitsknowledge.com - wiredgraph.tm - timelydesignation.co - stablelikely.ch - stainless-loan.lk - wagon-documents.sc - trainerprocessors.tkpadcrypt
### 链接 - [http://johannesbader.ch/2016/03/the-dga-of-padcrypt/](http://johannesbader.ch/2016/03/the-dga-of-padcrypt/) ### 示例域名 - elkfcfnacacmofdf.com - mkmeeefncfnfdmbm.de - ffcdcnbmmnaeddcd.com - ddkfodnaadmbmofo.co.uk - efneboaodnmbecoa.co - bafomkfalcfcdkom.info - onlmcddadnacfclc.com - dcfmddfbobkmafma.com - lmmfdccmnnfnmfdl.co - kcknconmceeemlnm.compitou
### 链接 - [https://johannesbader.ch/2019/07/the-dga-of-pitou/](https://johannesbader.ch/2019/07/the-dga-of-pitou/) ### 示例域名 - --------------+ - koohoavab.net | - koohoavac.net | - koohoavad.net | - koohoavaf.net | - koohoavag.net | - koohoavah.net | - koohoavaj.net | - koohoavak.net | - koohoaval.net |pizd
### 链接 - [https://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/](https://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/) ### 示例域名 - difficultnearly.net - dollarnearly.net - difficultpossible.net - dollarpossible.net - eearlynation.net - escapenation.net - eearlypleasure.net - escapepleasure.net - eearlynearly.net - escapenearly.netproslikefan
### 链接 - [https://johannesbader.ch/2016/06/proslikefan/](https://johannesbader.ch/2016/06/proslikefan/) ### 示例域名 - flarvcpk.eu - stjneohiod.biz - vcevvkc.se - qylptiin.info - bsvisbttr.com - hjiknr.net - arpeiezki.org - gobqca.ru - tivqfahrmxdl.in - smutloo.namepushdo
### 示例域名 - weafokuggeir.kz - sictemuborug.kz - cirpicficj.kz - geijanmap.kz - fuxhuxsabi.kz - siclisozdokq.kz - sozcoqnafrex.kz - qeobifups.kz - cokoqdeah.kz - latqafbuxwic.kzpykspa/improved
### 链接 - [http://johannesbader.ch/2015/03/the-dga-of-pykspa/](http://johannesbader.ch/2015/03/the-dga-of-pykspa/) ### 示例域名 - uammskmq.org - jqplflktas.info - rybwtr.net - uyznvxlof.info - gakcmqiw.com - wewsvat.net - owhadwkskevw.net - nkndlzhjgrpc.info - isypszqe.net - joebbaamoyt.infopykspa/precursor
### 链接 - [http://johannesbader.ch/2015/07/pykspas-inferior-dga-version/](http://johannesbader.ch/2015/07/pykspas-inferior-dga-version/) ### 示例域名 - llfwhgn.com - guqqkaiq.biz - wctymo.net - lovfjsfox.com - oruhbanansnan.cc - mkncjk.biz - yunonsuiwcymao.net - yxpojufqbex.com - qhxgzufqbex.cc - yywiywiq.bizqadars
### 链接 - [https://www.johannesbader.ch/2016/04/the-dga-of-qadars/](https://www.johannesbader.ch/2016/04/the-dga-of-qadars/) ### 示例域名 - jk9enwhansl2.org - sdqfodmf81m7.net - 5uro1uzspejk.net - ub4hinsduf0p.net - zs9ijo1er81u.com - 0t67c5arw9yf.net - lev41encha38.net - 67k1q3c1mr8x.org - 7w1yf49irk5m.net - gdunwhq7s9qb.orgqakbot
### 链接 - [https://johannesbader.ch/2016/02/the-dga-of-qakbot/](https://johannesbader.ch/2016/02/the-dga-of-qakbot/) ### 示例域名 - bqkrtxgkmriwsiwcngtivpx.info - jdtmfupdyueqeldvhsjzdvzob.net - guhmpoxzivhba.com - nqqxqhuacaqhzurde.org - lgqsqgpqzijwid.info - ykolyecdcyk.biz - ztvflnxqzpxvpfobv.biz - zqrmkpivrbxccawozqwqpfzh.org - iqyqwhntrxfeq.org - ftadkbomxlnsib.infoqsnatch
### 链接 - [https://www.kyberturvallisuuskeskus.fi/en/news/qsnatch-malware-designed-qnap-nas-devices](https://www.kyberturvallisuuskeskus.fi/en/news/qsnatch-malware-designed-qnap-nas-devices) - [https://johannesbader.ch/blog/the-dga-of-qsnatch/](https://johannesbader.ch/blog/the-dga-of-qsnatch/) ### 示例域名 - t2q2r.cf - gc9nz.tk - 07tvvc.com - 7ubqo.ml - 53bcm.de - 6zltf.rocks - hv7uv.mx - nypno.biz - qkzccy.net - rassb.cnramnit
### 链接 - [https://johannesbader.ch/2014/12/the-dga-of-ramnit/](https://johannesbader.ch/2014/12/the-dga-of-ramnit/) ### 示例域名 - knpqxlxcwtlvgrdyhd.com - nvlyffua.com - hgyudheedieibxy.com - anrywcbnjopdd.com - vrndmdrdrjoff.com - jhghrlufoh.com - tqjhvylf.com - hufqifjq.com - itktxexjghvvxa.com - ppyblaohb.comranbyus/may
### 链接 - [http://johannesbader.ch/2015/05/the-dga-of-ranbyus/](http://johannesbader.ch/2015/05/the-dga-of-ranbyus/) ### 示例域名 - ikwoqkwuajpbyx.com - niukpdrluwlfox.pw - rcnxisuibbadng.in - wbqtidjvsdiwee.me - jrdyumcieyipnv.cc - yvyfwikedfxitk.su - tviurcntxylxnj.tw - lycyrvfcemepfm.net - epddeukdimbpft.com - trbhxhmbsikoaq.pwranbyus/september
### 链接 - [http://johannesbader.ch/2015/09/ranbyuss-dga-revisited/](http://johannesbader.ch/2015/09/ranbyuss-dga-revisited/) ### 示例域名 - jxbdxeyxttdmcjagi.me - iqmadgybfhnrssadm.cc - gdoldaognceaedkke.su - jnbnyrmxmpblfgstk.tw - ucjetnyaitygjidva.net - jejocqwtcbtuymvao.com - stuctjsqfxghcesyw.pw - gfidctymbxiaqyuyk.in - ojrqwrlhesfshawva.me - bqjqvwwjirftwkjel.ccreconyc
**此 DGA 具有不可预测的种子**,即它使用 ``GetTickCount`` 作为种子。我仍然列出了该 DGA,因为它可能对测试或训练 DGA 检测算法有用。 ### 示例域名 - E5zHail0Mw.com - gabbvK2o6s.com - CumpP2A4d7.com - 5eswmwNQyF.com - lExfSzyuwP.com - JZpESGsPFF.com - UmIaRnijeT.com - sHr0xE9Idm.com - nYcEX7wlCF.com - VCiZNQXwpO.comsharkbot
### 示例域名 - 64f30398ecda3bbf.xyz - f008fc473fddedc4.live - cfbadaf0cd7b0ac3.com - b8d28386413029fe.store - 99c485497c079a09.info - 6d54b683fc2cc58f.top - abb7547058fef9fb.netshiotob(又名 Urlzone, Bebloh)
### 链接 - [https://johannesbader.ch/2015/01/the-dga-of-shiotob/](https://johannesbader.ch/2015/01/the-dga-of-shiotob/) ### 示例域名 - wtipubctwiekhir.net - rwmu35avqo12tqc.com - rskb5bsfhm2fk5h.net - rbp9pprrxgflut9.com - zzxeyzgy45yy2a.net - e3oa4wglvd21xa.com - mqmq1hvmtxzjv.net - pd4o4wu24vimn.com - tlmrzvpbpsqsb.net - pbmnz59uzndpo.comsimda(又名 Shiz)
### 链接 - [http://johannesbader.ch/2015/03/the-dga-of-simda-shiz/](http://johannesbader.ch/2015/03/the-dga-of-simda-shiz/) ### 示例域名 - gatyfus.com - lyvyxor.com - vojyqem.com - qetyfuv.com - puvyxil.com - gahyqah.com - lyryfyd.com - vocyzit.com - qegyqaq.com - purydyv.comsisron(又名 TOMB, Win32/Agent.WRQ, Trojan.Scar)
### 链接 - [https://www.johannesbader.ch/2016/06/the-dga-of-sisron/](https://www.johannesbader.ch/2016/06/the-dga-of-sisron/) ### 示例域名 - mdiwnjiwmtya.com - mdewnjiwmtya.com - mzewntiwmtya.com - mzawntiwmtya.com - mjkwntiwmtya.com - mjgwntiwmtya.com - mjcwntiwmtya.com - mjywntiwmtya.com - mjuwntiwmtya.com - mjqwntiwmtya.comsuppobox
### 链接 - [http://www.rsaconference.com/writable/presentations/file_upload/br-r01-end-to-end-analysis-of-a-domain-generating-algorithm-malware-family.pdf](http://www.rsaconference.com/writable/presentations/file_upload/br-r01-end-to-end-analysis-of-a-domain-generating-algorithm-malware-family.pdf) ### 示例域名 - journey - destroy - against - night - within - effort - street - better - husband - littlesymmi
### 链接 - [http://johannesbader.ch/2015/01/the-dga-of-symmi/](http://johannesbader.ch/2015/01/the-dga-of-symmi/) ### 示例域名 - ogovugtuipawi.ddns.net - afowkaupbabe.ddns.net - ipkureleakm.ddns.net - hegiruqo.ddns.net - luimreim.ddns.net - tiakqukoahuvu.ddns.net - loelkuanduur.ddns.net - agdehukoev.ddns.net - giagkuekorla.ddns.net - leufiroqipomu.ddns.nettempedreve
### 链接 - [https://github.com/baderj/domain_generation_algorithms/tree/master/tempedreve/images](https://github.com/baderj/domain_generation_algorithms/tree/master/tempedreve/images) ### 示例域名 - dlbebsga.net - enqbgrmt.com - xjlwpfnk.info - ebabkjcx.org - hvisietg.net - svyjglen.com - glknxfgq.info - adoduloh.org - jgrxrxwh.net - ctmrgbmz.comtinba(又名 TinyBanker, Zusy)
### 链接 - [http://johannesbader.ch/2015/04/new-top-level-domains-for-tinbas-dga/](http://johannesbader.ch/2015/04/new-top-level-domains-for-tinbas-dga/) ### 示例域名 - blackfreeqazyio.cc - nvfowikhevmy.com - nvfowikhevmy.net - nvfowikhevmy.in - nvfowikhevmy.ru - sjhuqlwrqhqx.com - sjhuqlwrqhqx.net - sjhuqlwrqhqx.in - sjhuqlwrqhqx.ru - pxqgonyogeee.comtufik
### 示例域名 - dbqwpmpnruesywj.com - qxxmubfleztlnkx.com - rrnywowqgmjvnltg.com - rqnjdvzpsmbuw.com - utoiopxjrphvoiy.org - ttoouemmimnxnmj.com - nmjsoourllgveecj.org - juprvzxqotonvvs.biz - nmjsoourllgveecj.biz - dotqwjmhqlushjlo.bizdmsniff
### 示例域名 - albdfhln.com - alcgkown.com - aldjpvqt.com - alemuown.com - alfpmrnq.org - algspvqt.org - alhvrytw.org - aliyuown.org - aljnwpyo.org - alkpmrnq.netunnamed_downloader
### 示例域名 - ddknt.github.io - ddktn.github.io - ddnkt.github.io - ddntk.github.io - ddtkn.github.io - ddtnk.github.io - dkdnt.github.io - dkdtn.github.io - dkndt.github.io - dkntd.github.iounnamed_javascript_dga
### 链接 - [https://johannesbader.ch/2015/11/a-javascript-based-dga/](https://johannesbader.ch/2015/11/a-javascript-based-dga/) ### 示例域名 - rxxeqcoy.cc - kmymbyzd.co - cfukbzbmg.eu - sblwtafc.cc - lqdoacat.co - dplmjcjic.eu - ttukaiwjdx.cc - meimklqh.co - enmxqcxhtl.eu - unmias.ccvawtrak
### 链接 - [http://www.threatgeek.com/2016/11/vawtrak-dga-round-2.html](http://www.threatgeek.com/2016/11/vawtrak-dga-round-2.html) ### 示例域名 - usahwutle.com - folocnam.com - awumsah.com - edorwufli.com - misocgutlah.com - edarwotda.com - melarwetdic.com - usucnitdohg.com - regomseh.com - osicnumd.comxmrig_genesis(一种使用比特币创世块作为种子的 XMRig 恶意软件))
### 示例域名 - 1d78e50d.com - 1d78e50d.net - 1d78e50d.org - 1d78e50d.duckdns.org - 2b04216f.com - 2b04216f.net - 2b04216f.org - 2b04216f.duckdns.org - 2e1d985c.com - 2e1d985c.netzloader
### 链接 - [https://johannesbader.ch/blog/the-dga-of-zloader/](https://johannesbader.ch/blog/the-dga-of-zloader/) ### 示例域名 - gdurfdsywubjaaqcqhrh.com - vudktykcecigekhtwwqn.com - jcaofaekffeojktmpdax.com - iiphrhkculpnubvvxnbh.com - bjdbpgbjdyredhfyvpie.com - wramitvqeojecedajxoj.com - ohyjybhogoeoabjqvpie.com - fscqtelyeogmxudotlao.com - nsdtxvnwtxjwphbuqffe.com - bohchavtvhbejwcmekvo.com标签:DAST, DGA算法, IP 地址批量处理, Python, 威胁情报, 开发者工具, 恶意软件分析, 无后门, 逆向工具