
Commit be28abd

committed
New DGA: CoreBot
1 parent 5881410 commit be28abd


3 files changed

+84
-0
lines changed


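--- a/README.md
+++ b/README.md
@@ -22,3 +22,4 @@ murofet/v1 | Murofet Variant 1 | LICAT | [link](https://johannesbader.ch/2015/09
 murofet/v2 | Murofet Variant 2 | LICAT | [link](https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/)
 murofet/v3 | Murofet Variant 3 | LICAT | [link](https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/)
 fobber | Fobber | Tinba v3 | |
+corebot | CoreBot | | [link](https://johannesbader.ch/2015/09/the-dga-of-corebot/)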

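--- a/corebot/dga.py
+++ b/corebot/dga.py
@@ -0,0 +1,43 @@
+import argparse
+from datetime import datetime
+
+r = 0x1DB98930
+len_l = 0xC
+len_u = 0x18
+
+
+def init_rand_and_chars(year, month, day, nr_b):
+global r
+r = (r + year + ((nr_b << 16) + (month << 8) | day)) & 0xFFFFFFFF
+charset = [chr(x) for x in xrange(ord('a'), ord('z'))] +\
+[chr(x) for x in xrange(ord('0'), ord('9'))]
+
+return charset
+
+def generate_domain(charset):
+global r
+r = (1664525*r + 1013904223) & 0xFFFFFFFF
+domain_len = len_l + r % (len_u - len_l)
+domain = ""
+for i in range(domain_len, 0, -1):
+r = ((1664525 * r) + 1013904223) & 0xFFFFFFFF
+domain += charset[r % len(charset)]
+domain += ".ddns.net"
+print(domain)
+
+if __name__=="__main__":
+parser = argparse.ArgumentParser()
+parser.add_argument("-d", "--date", help="date for which to generate domains")
+parser.add_argument("-n", "--nr", help="nr of domains to generate", type=int, default=40)
+args = parser.parse_args()
+if args.date:
+d = datetime.strptime(args.date, "%Y-%m-%d")
+else:
+d = datetime.now()
+
+charset = init_rand_and_chars(2015, 9, 8, 1)
+#charset = init_rand_and_chars(d.year, d.month, 8, 1)
+for _ in range(40):
+generate_domain(charset)
+
+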
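Review bot: The `--date` and `--nr` options are parsed in the `__main__` block but never used: the seed is fixed by `init_rand_and_chars(2015, 9, 8, 1)` and the loop is `for _ in range(40):`, so anyone building a blocklist or detection set for another date silently gets the 2015-09-08 domains. The loop should read `for _ in range(args.nr):` and the seed should come from `d`, for example by enabling the commented-out `init_rand_and_chars(d.year, d.month, 8, 1)`; the page does not say whether the sample really pins the day to 8, so that choice deserves a comment. The two `xrange(...)` calls in `init_rand_and_chars` make the script Python 2 only, although `print(domain)` is written in the Python 3 form. Those ranges also stop before 'z' and '9'; the example domains contain neither character, so this looks intentional, and a comment such as `# upper bounds exclusive on purpose: 'z' and '9' are never emitted` would stop a later "fix" from breaking the output.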

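--- a/corebot/example_domains.txt
+++ b/corebot/example_domains.txt
@@ -0,0 +1,40 @@
+lkhylm0mhyfuhg.ddns.net
+s63234wluv5v365bwp5.ddns.net
+afe6mfy23xcxgfa.ddns.net
+7rsl1f34sfq0oj3jwvmfa6c.ddns.net
+ir7l3po0gjy8ypqjm8o.ddns.net
+3lgrupwdivsfm2w4kng2iha.ddns.net
+i8a0q2wdu8otulkfylo2gdq.ddns.net
+kh1her76avy0qnelivijwd1.ddns.net
+ubgp1f1han7lu410eh5.ddns.net
+uliry8knadmpmdm4wti6oro.ddns.net
+g85j7rs4apkfmlqryh7xq6s.ddns.net
+7xcfq4u2ghstaxer5ne.ddns.net
+7xcbe6wtg0o2i0odq6kjyns.ddns.net
+o4kjcxapejwl3h5x3j1.ddns.net
+ghqnw4gle8q2qti.ddns.net
+itgvo6wdwxynmf7v56i.ddns.net
+e8yxa6wfu0yt1vk41xm4k83.ddns.net
+76o2up3p5ly830cho4et50s.ddns.net
+s25be0k0mdgn7hg8ot3fgr7.ddns.net
+eh5favql7fwpmh1.ddns.net
+storip3l7dsdunybebc.ddns.net
+7hidw470qxgjch1nwfw.ddns.net
+1pwr1taxotk4un32gfo.ddns.net
+wrw0w2ulqxcn7lm.ddns.net
+gjw2ini65xi6qr7p7tq.ddns.net
+ybylsvo0ahwpe2i0mdinibo.ddns.net
+mt58e2yvibepeps2mvm.ddns.net
+ebsrkdw2ef32ct3hijen7pm.ddns.net
+u4etk4uta4ang47.ddns.net
+qbk6itife8w2excl3pafsn7.ddns.net
+m0mpihgtmbg05f5dmtax1hq.ddns.net
+gbkdglg2c0q6o6s8ij1.ddns.net
+q072mharq4mpc2y6y8a6i4q.ddns.net
+3fgbyfmxkl5n1fkbs8wjqfm.ddns.net
+c2o8k2ynet72mpevcv72avg.ddns.net
+5h3tkn1psb187xgfghi.ddns.net
+yx167r3nirwbsj70cta.ddns.net
+18i2ejw4ctspqx7.ddns.net
+7bq2qf7hixw21du6of3.ddns.net
+snup5t5tyv1x7pyfoba.ddns.net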
