domain_generation_algorithms

• http://johannesbader.ch/2015/02/the-dga-of-banjori/

• EarnestnessbiophySicalohax.com
• kwtoestnessbiophysicalohax.com
• rvcxestnessbiophysicalohax.com
• HJBTESTNESSBIOPHYSISIALOHAX.COM
• txmoestnessbiophysicalohax.com
• Agekestnessbiophysicalohax.com
• DBZWESTNESSBIOPHYSISIALOHAX.COM
• Sgjxestnessbiophysicalohax.com
• IGJYESTNESSBIOPHYSISIALOHAX.COM
• zxahestnessbiophysicalohax.com

• https://johannesbader.ch/blog/the-dga-of-bazarbackdooor/
• https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/
• https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/

Real DGA:

• Adegjkaiggjm.bazar
• eehjmejjjo.bazar
• Dehiildjjiin.bazar
• CEEIKLCJGIKN.Bazar
• dceikkdhgikm.bazar
• BFEHJMBKGGHO.BAZAR
• Adegjmaiggjo.bazar
• dchiikdhjiim.bazar
• Effehkekghim.bazar
• Bdhjkbijhm.bazar

BGGY DGA: -_FDGIMZKFGIO.BAZAAR -E'BFKIEEDFKKABABAZAAR -EFDGKEKFGIM.BAZAAR -BEGIMZGGIO.BAZAAR -BBBHLBGDFHN.BAZAAR -^Ehikizjjkik.Bazaar --achimajehio.bazaar -] Defiizigfik.bazaar -`` begizeieIik.bazaar -degfjdjifjm.bazaar

• cmid1s1zeiu.life
• Itszko2ot5u.life
• 3V1N35i5kwx.life
• NewdnQ1XNL9.Life
• jkyj6awt1ao.life
• Ddrjv6y42b8.life
• 1PNHP5O5ZA1.Life
• y13iqvlfjl5.life
• xp0btfgegbo.life

• 360netlab/dga#1

• 8f6BACMW30xxv6sc.cn
• 486txu3yjly0xcmz.ru
• xii6x8zg9rkanmyo.info
• spy1jhhdbmvt2ueva.net
• Evybt5GTF2TPRVBI.info
• 7qbys97e3pcw262c.info
• kz897c7n7vbur.biz
• zmkvlsvkbfnuez.ru
• TR1YY6LXTRY1GSTS.BIZ
• mfq6uwq3p2hvc8zn.cn

• https://johannesbader.ch/2015/09/the-dga-of-corebot/

• Lkhylm0mhyfuhg.dns.net
• S63234WLUV5V365BWP5.DDNS.NET
• AFE6MFY23xcxgfa.DNS.NET
• 7rsl1f34sfq0oj3jwvmfa6c.dns.net
• Ir7l3po0gjy8ypqjm8o.ddns.net
• 3LGUPWDIVSFM2W4KNG2IHA.DDNS.NET
• i8a0Q2WDU8otulkfylo2GDQ.DNNS.NET
• kh1her76avy0Qnelivijwd1.ddns.net
• UBGP1f1HAN7LU410EH5.DDNS.NET
• ulier8knadmpmmdm4wti6oro.dns.net

• https://blog.xlab.qianxin.com/uncovering_darkcracks_payload_delivery_framework_cn/#part2-runner%E5%88%86%E6%9E%90

• stdfugagjl.com
• Evdfugagjl.com
• Avdfugagjl.com
• Mvdfugagjl.com
• Ivdfugagjl.com
• Uvdfugagjl.com
• QVDFUGAGJL.com
• Ytcfugagjl.com
• ktcfugagjl.com
• gtcfugagjl.com

• http://johannesbader.ch/2015/03/the-dga-f-dircrypt/

• rauggyguyp.com
• llulzza.com
• mluztamhnngwgh.com
• Mycojenxktsmozzthdv.com
• Inbxvqkegiapgv.com
• Furiararji.com
• zrkdvzjhse.com
• wyuhdsdttczd.com
• hpaxgpkteomjaxywwelr.com
• MyDojltbqjnwailiya.com

• https://johannesbader.ch/2016/01/the-dga-in-alureon-dnSchandger/

• aktklyvbiu.com
• zgimjzlnrl.com
• TCFEJEREKW.COM
• tfunnjmxt.com
• ydvlfkguw.com

• Vhkintjtksyxgjrz.net
• btpnxlsfdqbhzazyx.net
• ukfmknjdenthvktgc.net
• QUPXSRHRHRMUOOONQRIT.NET
• gjsbydmrpfzsmnfiu.net
• Indpsqbetcpcqprx.net
• gwrdmhyjfcpcutmhp.net
• bwzcypcbmnlpfsw.net
• TwKPWFUECVZCINCQ.NET
• pdwfuxgnahmgsxhit.net

• App2.winsoft0.com
• App2.winsoft1.com
• App2.winsoft2.com
• App2.winsoft3.com
• App2.winsoft4.com
• App2.winsoft5.com
• App2.winsoft6.com
• App2.winsoft7.com
• App2.winsoft8.com
• App2.winsoft9.com

• http://www.govcert.Admin.ch/blog/18/gazi-isfb-when-a-bug-rely-is-a-fatuure

• QuODPRESIDENTEAXSATIAT.CIT.
• pertantumfitusu.com
• indulgentiarumlicet.com
• Moriblasphemianegoci.com
• ptribueretnosSetnonin.com
• Nonsicordinario.com
• svivacpecunias.com
• Instimabiler.com
• Ulpurgatoripetrum.com
• Papacricognitisipro.com

• https://johannesbader.ch/2015/12/krakens-two-domain-ganration-algorithms/

• ibbwnhgh.mooo.com
• rbqdxflojkj.mooo.com
• smhburg.deyndns.org
• Bltjhzqp.Dyndns.org
• Clwafrfuuxq.yi.org
• cffxugijxn.yi.org
• Ivxcxbj.Dynserv.com
• etllejr.dynserv.com
• otpxmk.mooo.com
• ejfjyd.mooo.com

• https://johannesbader.ch/2015/12/krakens-two-domain-ganration-algorithms/

• XPDBwuimwag.com
• nwpegpjtx.com
• Smmyuhxlt.net
• xjvyvnzivt.net
• LVCTMUSXCYZ.TV
• LVCTMUSXCYZ.TV
• cjuszcfwo.cc
• egbmbdey.cc
• wjxaprgne.com
• vxbuggxhrgi.com

• https://blogs.forcepoint.com/security-Labs/lockys-New-Dga-seeding-New-Domains

• Gegjiimqmlgtdmk.tf
• PCCIBCJNCNHNHN.YT
• RDDIPIKMRAP.US
• mmhmkqfc.be
• vkcims.pm
• Qtysmobytagnrv.it
• suhpqiumpjsv.ru
• cscfbwbhs.uk

• https://malpedia.caad.fkie.fraunhofer.de/details/win.m0yv
• YouTube Video "SinkHoling the Domain Generation Algorithm of M0yv"

Time independent version in dga.py , time-dependent version in dga-td.py .

• pywolwnvd.biz
• Ssbzmoy.biz
• cvgrf.biz
• npukfztj.biz
• Przvgke.biz
• zlenh.biz
• Knjghuig.biz
• Uhxqin.biz
• anpmanmxo.biz
• lpuegx.biz

• 31B4BD31fg1x2.org
• 31B4BD31fg1x2.Tikkets
• 31B4BD31fg1x2.BlackFRIIY
• 31B4BD31fg1x2.hosting
• 31B4BD31fg1x2.feedback
• 3f8c8079fd4c5.org
• 3f8c8079fd4c5.tickets
• 3f8c8079fd4c5.blackfriday
• 3f8c8079fd4c5.hosting
• 3f8c8079fd4c5.fedback

• https://johannesbader.ch/2015/09/three-Variants-of-murofets-dga/

• Giywswshrgxcvoqgvrkthmfa.ru
• xaiqpbrgymbrwmzgigrgdsk.com
• amgqularpzxepztxenbx.net
• PFSCIJIJBMHYFIYJGORGGUGTKBQYH.ORG
• xglfcmsgorvwfilhmzlcxxvkfege.info
• RCTEQWKEQUOJNTIBVFYFALUWH.BIZ
• mjfqylbiaunfuaeunzdqdwscu.ru
• Qobeylpxgpfknptukydqvklztg.com
• RGWGIZUKFICDGETWSXOVTCKNWKFM.INFO
• Betgyaeswxorwcvsdezdupb.org

• https://johannesbader.ch/2015/09/three-Variants-of-murofets-dga/

• CMQVXTPNIBLI.BIZ
• cmqvxtpnibli.com
• rloqpoiongsuwyq.net
• rloqpoiongsuwyq.org
• zsophzovtfor.info
• zsophzovtfor.biz
• nlifthjnbgenfweq.org
• nlifthjnbgenfweq.com
• Hyktttqssssmvkoc.info
• Hykpttqssssmvkoc.org

• https://johannesbader.ch/2015/09/three-Variants-of-murofets-dga/

• nxlya47huo61czerb18o51e11d30i55GYCWE31LX.ru
• jwdzptm69p62izcve41f22k37oyj16g63fqote11.com
• P42p52NVD50IZKKAZAQE21LVO21PYCQOTP2E61.NET
• B28n40i25b68gte41o61dwc19htc29jwgxiqfzbr.org
• Ktirhsn50kzc49B58cyf32fwh14h64dzgxiqcz.info
• Bre41hvc29kri15Ewpwdsazjyn40p52kwe21gw.biz
• n30mwhssxfq51j56lunsg13o11hyd60EWF52Nu.ru
• hvcsjxd20mzm29d40nznunta27c29kyi55fun50.com
• Nzosg13oymzg63NTPXARO51btkvfyoshrk27.info
• CZFSN20EXG53NZCQCRGRG43EXF62B28p22PYD50Lu.org

• QEHSPQNMRN.INFO
• mmhaesqar.in
• PWPRHNQN.IN
• mrspmramrn.in
• Arphansaqh.com
• hrhspsrenn.net
• AEPAAAEMRM.COM
• wsaehwases.in
• ARWRSEQSSH.COM
• ewamspqwha.ws

• http://johannesbader.ch/2015/02/the-dgas-f-necurs/

• NCCOJQVAVAVKIWHJ.MX
• hodwwywnmmbi.ac
• aianeaoinf.mu
• CCECGGC.US
• mffffmgtplxbyagbtegh.com
• Thlxuwnadtdtsm.biz
• EDKOMQPEUFJYAFCCJ.IN
• mxomklaqu.pw
• nvuttwteltin.tv
• nhysbiomr.ir

• https://johannesbader.ch/2014/12/the-dga-f-newgz/

• xzz3ug32baale1uo60yy7xj6rge.com
• 1Hyzmw3l2phycett8hzr2Do34.net
• 2PQ821Cfem5m1MDUA46pxg7bj.biz
• unlm9w9l8upy1kdde0kba7ktf.org
• 1IXHW3P1NCR3CF1PJFRPZ14N1U0E.com
• 1o460ktpdhna1k0lk3ecwujxn.net
• 183t0wjzlthe51wigptk4rl29.org
• 1i3ux5a1hj6NDQEJMXOXONE45G0V.NET
• 5mcd71MBUTPB1TGLU0S4P0LRF.com
• N3I5yn19w82vMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMP1K1L4xrjg.org

• Netlab - and Analysis of Linux.ngioweb Botnet
• Netlab - Quick Update on the Linux.ngioweb Botnet, now it is going after IOT Devices

minihileth-subadofy.org Revodihudom.info enisobure-netidimadom-minikevuship.org semiriddenction-postepudney.com Prolefexity-disorisance.org nonebazish-disahiblen-misehuraage.name ILOLUPAGE-NONURISUDIZE-MINIIKAZOLIKE.NET SEICOFAXIFUL-Enixakor-SubaFAPEAN.INFO OVEREDAXive-Nonameranel Prevomozari-microfemly.info

• OftBPEC.com
• Lotmpwyk.info
• Seikpwq.info
• bcfatyltdvp.info
• rfwstgy.com
• Hokybhnf.biz
• Evlovrxuw.net
• mtzpbzbfvy.info
• Hacckgiakhl.com
• mosmeuw.net

• https://johannesbader.ch/2018/04/the-new-domain-ganration-algorithm-of-nymaim/

• Surfies-drawing.com
• Shaft-crIRIRION.CC
• Stops-hash.id
• Unitsknowledge.com
• wiredgraph.tm
• time
• Stablelikely.ch
• Stainless-loan.lk
• Wagon-documents.sc
• Trainerprocssors.tk

• http://johannesbader.ch/2016/03/the-dga-f-padcrypt/

• ElkfcfnacacMofdf.com
• mkmeeeffnfdmbm.de
• FFCDCNBMMNADDCD.COM
• Ddkfodnaadmbmofo.co.uk
• Efneboaodnmbecoa.co
• BAFOMKFALCFCDKOM.INFO
• Onlmcdadnacfclc.com
• Dcfmdfbobkmafa.com
• LMMMFDCCMNFNMFDL.CO
• KCKNCONMCEEEEMLNM.COM

• https://johannesbader.ch/2019/07/the-dga-f-pitou/

• --------------+
• Koohoavab.net |
• Koohoavac.net |
• Koohoavad.net |
• Koohoavaf.net |
• Koohoavag.net |
• Koohoavah.net |
• Koohoavaj.net |
• Koohoavak.net |
• Koohoaval.net |

• https://blog.avast.com/2013/06/18/your-facebook-connection-nn-secured/

• DifficultneRly.net
• DollarneRly.net
• Difficultpossible.net
• Dollarpossible.net
• edelynation.net
• Escapenation.net
• edelypleasure.net
• escapepleasure.net
• EEARLYNEARLY.NET
• escapenearly.net

• https://johannesbader.ch/2016/06/proslikefan/

• FRARVCPK.EU
• Stjneohiod.biz
• VCEVVKC.se
• qylptiin.info
• bsvisbttr.com
• hjiknr.net
• Arpeiezki.org
• GoBQCA.RU
• tivqfahrmxdl.in
• Smutloo.name

• Weafokuggeir.kz
• Sictemuborug.kz
• CirPicficj.kz
• GeijanMap.kz
• FuxhuxSabi.kz
• Siclisozdokq.kz
• sozcoqnafrex.kz
• QEobifups.kz
• Cokoqdeah.kz
• Latqafbuxwic.kz

• http://johannesbader.ch/2015/03/the-dga-f-pykspa/

• Uamskmq.org
• jqplflktas.info
• Rybwtr.net
• uyznvxlof.info
• Gakcmqiw.com
• Wewsvat.net
• Owhadwkskevw.net
• nkndlzhjgrpc.info
• Isypszqu.net
• jobbaamoyt.info

• http://johannesbader.ch/2015/07/PyKSPAS-INFERIOR-DGA-Version/

• lfwhgin.com
• Guququaiq.biz
• Wctymo.net
• Lovefjsfox.com
• Oruhbanansnan.cc
• mkncjk.biz
• Yunonsuiwcyma.net
• yxpojufqbex.com
• qhxgzuffbex.CC
• yywiywiq.biz

• https://www.johannesbader.ch/2016/04/the-dga-f-qadars/

• jK9enwhansl2.org
• SDQfodmf81M7.net
• 5uro1uzspejk.net
• UB4HINSDUF0p.net
• zs9ijo1er81u.com
• 0t67c5arw9yf.net
• lev41encha38.net
• 67k1q3c1mr8x.org
• 7w1yf49irk5m.net
• gdunwhq7s9qb.org

• https://johannesbader.ch/2016/02/the-dga-f-qkbot/

• BQKRTXGKMRIWSIWCNGTIVPX.INFO
• JDTMFUPDYUEQELDVHSJZDVZOB.NET
• Guhmpoxzivhba.com
• nqqxqhuacaqhzurde.org
• lgqsqgpqzijwid.info
• ykolycdcyk.biz
• Ztvflnxqzpxvffvv.biz
• ZQRMKPIVRBXCAWOZQWQPFZH.ORG.ORG
• Iqyqwhntrxfeq.org
• ftadkbomxlnsib.info

• https://www.KYBERTURVALISUUUSKSKUS.FI/en/news/qsnatch-malware-designed-qnap-nas-devices

• https://johannesbader.ch/blog/the-dga-f-qsnatch/

• T2Q2R.Cf
• GC9NZ.TK
• 07tvvc.com
• 7ubqo.ml
• 53bcm.de
• 6Zltf.rocks
• Hv7uv.mx
• nypno.biz
• qkzccy.net
• rassb.cn

• https://johannesbader.ch/2014/12/the-dga-f-ramnit/

• KnpQXLXCWTLVGRDYHD.COM
• nvlyfua.com
• hgyudheedieibxy.com
• analylixwcbnjopdd.com
• VRNDMDRDRDRJoff.com
• Jhghrlufoh.com
• tqjhvylf.com
• Hufqifjq.com
• Itktxexjghvvxa.com
• ppyblahb.com

• http://johannesbader.ch/2015/05/the-dga-of-ranbyus/

• IKWOQKWUAJPBYX.COM
• nukpdrluwlfox.pw
• rcnxisuibbadng.in
• wbqtidjvsdiwe.me
• JRDYUMCIEYIPNV.CC
• yvyfwikefxitk.su
• Tviurcntxylxnj.tw
• lycyrvfcemepfm.net
• EPDDEUUKDIMBPFT.COM
• TRBHXHmbSIKOAQ.PW

• http://johannesbader.ch/2015/09/ranbyuss-dga-revisited/

• jxbdxeyxttdmcjagi.me
• Iqmadibfhnssadm.CC
• GDOLDAOGNCEAEDKKE.SU
• jnbnyrmxmplfgstk.tw
• ucjetnyaitygjidva.net
• jejocqwtcbuymvao.com
• StuctjsqfxghceSYW.PW
• gfidctymbxiaqyuyk.in
• Ojrqwrlhesfshawva.me
• bqjqvwwjirftwkjel.cc

This DGA has unpredictable seeding , ie, it uses GetTickCount as the seed. I Still List

• E5zhail0mw.com
• Gabbvk2o6s.com
• Cump2a4d7.com
• 5eswmwnqyf.com
• lexfszyuwp.com
• JZpesSPFF.com
• UMIARNIJET.COM
• Shr0xe9idm.com
• nycex7wlcf.com
• Vciznqxwpo.com

• 64F30398ECDA3BF.XYZ
• f008fc473fdddc4.Live
• cfbadaf0cd7b0ac3.com
• B8D28386413029fe.store
• 99c485497c079a09.info
• 6d54B683fc2CC58f.top
• abb7547058fef9fb.net

• https://johannesbader.ch/2015/01/the-dga-of-shotob/

• WtipubCtwiekhir.net
• rwmu35avqo12tqc.com
• RSKB5BSFHM2FK5H.NET
• RBP9PPRRXGFLUT9.com
• Zzzxeyzgy45yy2a.net
• e3oa4wglvd21xa.com
• mqmq1hvmtxzjv.net
• pd4o4wu24vimn.com
• TLMRZVPPSQSB.NET
• pbmz59uzndpo.com

• http://johannesbader.ch/2015/03/the-dga-f-simda-shiz/

• Gatyfus.com
• lyvyxor.com
• VojyQem.com
• Qtyfuv.com
• Puvyxil.com
• Gahyqah.com
• lyryfyd.com
• vocyzit.com
• qgyqaq.com
• Purydyv.com

• https://www.johannesbader.ch/2016/06/the-dga-f-sisron/

• mdiwnjiwmtya.com
• MDEWNJIWMTYA.COM
• mzewntiwmtya.com
• mzawntiwmtya.com
• mjkwntiwmtya.com
• mjgwntiwmtya.com
• mjcwntiwmtya.com
• mjywntiwmtya.com
• mjuwntiwmtya.com
• mjqwntiwmtya.com

• http://www.rsaconfection.com/writable/presentations

• Journey
• Destroy
• Against
• night
• Within
• Effort
• Street
• Better
• HusBand
• Little

• http://johannesbader.ch/2015/01/the-dga-f-symmi/

• OGOVOGUIPAWI.DNS.NET
• Afowkaupbabe.ddns.net
• ipkureleakm.dns.net
• Hegiruqo.dns.net
• Luimreim.ddns.net
• tiakquoahuvu.dns.net
• Loelkuanduur.dns.net
• AGDEHUKOEV.DNS.NET
• Giagkuekorla.ddns.net
• leufiroqipomu.dns.net

• https://github.com/baderj/domain_generation_algorithms/tree/master/tempedreve/images

• dlbebsga.net
• Enqbgrmt.com
• xjlwpfnk.info
• eBabkjcx.org
• Hvisietg.net
• svyjglen.com
• Glknxfgq.info
• adodulah.org
• jgrxrxwh.net
• ctmrgbmz.com

• http://johannesbader.ch/2015/04/NEW-TOP- Level- Domains-for-tinbas-dga/

• Blackfreeqyio.CC
• Nvfowikhevmy.com
• Nvfowikhevmy.net
• Nvfowikhevmy.in
• Nvfowikhevmy.ru
• sjhuqlwrqhqx.com
• Sjhuqlwrqhqx.net
• Sjhuqlwrqhqx.in
• Sjhuqlwrqhqx.ru
• Pxgonyogee.com

• DBQWPMPNRUSYWJ.COM
• Qxmubfleztlnkx.com
• RRNYWOWOWOWOWQGMJVNLTG.COM
• rqnjdvzpsmbuw.com
• Utoiopxjrphvoiy.org
• TtoouemmmMnxnmj.com
• nmjsourlgveecj.org
• JuPRVZXQOTONVS.BIZ
• NMJSOOURLLGVEECJ.BIZ
• dotqwjmhqlushjlo.biz

• albdfhln.com
• alcgkown.com
• aldjpvqt.com
• alemuown.com
• alfpmrnq.org
• algspQt.org
• alhvrytw.org
• aliyuown.org
• aljnwpy.org
• alkpmrnq.net

• Ddknt.github.io
• Ddktn.github.io
• Ddnkt.github.io
• Ddntk.github.io
• Ddtkn.github.io
• Ddtnk.github.io
• dkdnt.github.io
• dkdtn.github.io
• dkndt.github.io
• dkntd.github.io

• https://johannesbader.ch/2015/11/a-javascript-based-dga/

• rxxeqoy.cc
• kmymbyzd.co
• cfukbzbmg.eu
• SBLWTAFC.CC
• Lqdoacat.co
• dplmjcjic.eu
• Ttukaiwjdx.CC
• Meimklqh.co
• Enmxqcxhtl.eu
• Unmias.CC

• http://www.threatget.com/2016/11/vawtrak-dga-round-2.html

• Usahwtutu.com
• Folocnam.com
• Awumsah.com
• Edorwufli.com
• Misocutah.com
• Edarwotda.com
• Melarwetdic.com
• UscnitDohg.com
• regomseh.com
• Osicnumd.com

• 1d78e50d.com
• 1D78E50D.net
• 1D78E50D.org
• 1D78E50D.duckdns.org
• 2B04216f.com
• 2B04216f.net
• 2B04216f.org
• 2B04216f.duckdns.org
• 2E1D985c.com
• 2E1D985c.net

• https://johannesbader.ch/blog/the-dga-of-zloader/

• gdurfdsywubjaqchrh.com
• Vudktykcecigekhtwwqn.com
• JCaofaekffeojktmpdax.com
• iphrhkculpnubvvxnbh.com
• bjdbgbjdyredhfyvpie.com
• WRAMITVQEOJEEECEAGAXOJ The.com
• Ohyjybhgogaeabjqvpie.com
• fsktelyeogmxudotlao.com
• NSDTXVNWTXJWHBUQFE.COM
• bohchavtvhbejwcmekvo.com