domain_generation_algorithms

• http://johannesbader.ch/2015/02/the-dga-of-banjori/

• Eardingnessbiophysicalohax.com
• kwtoestnessbiophysicalohax.com
• rvcxestnessbiophysicalohax.com
• hjbtestnessbiopysialohax.com
• txmoestnessbiophysicalohax.com
• agekestnessbiophysicalohax.com
• dbzwestnessbiopysialohax.com
• sgjxestnessbiophysicalohax.com
• igjyestnessbiopysialohax.com
• zxahestnessbiophysicalohax.com

• https://johannesbader.ch/blog/the-dga-of-bazarbackdooor/
• https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/
• https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/

本物のDGA：

• adegjkaiggjm.bazar
• Eehjmejjjo.Bazar
• dehiildjjiin.bazar
• Ceeiklcjgikn.Bazar
• dceikkdhgikm.bazar
• bfehjmbkggho.bazar
• adegjmaiggjo.bazar
• dchiikdhjiim.bazar
• Effehkekghim.Bazar
• bdhjkbijhm.bazar

bggy dga：-_fdgimzkfgio.bazaar -e'bfkieedfkkababazaar -efdgkekfgim.bazaar -begimzggio.bazaar -bbbhlbgdfhn.bazaar - ^ehikizjjkik.bazaar -achimajehio.bazaar-] defiizigfik.bazaar -`` Begizeiik.Bazaar -Degfjdjifjm.Bazaar

• cmid1s1zeiu.life
• Itszko2ot5u.life
• 3V1N35I5KWX.LIFE
• newdnq1xnl9.life
• jkyj6awt1ao.life
• ddrjv6y42b8.life
• 1PNHP5O5ZA1.LIFE
• y13iqvlfjl5.life
• xp0btfgegbo.life

• 360NETLAB/DGA＃1

• 8f6bacmw30xxv6sc.cn
• 486txu3yjly0xcmz.ru
• xii6x8zg9rkanmyo.info
• spy1jhhdbmvt2ueva.net
• evybt5gtf2tprvbi.info
• 7qbys97e3pcw262c.info
• kz897c7n7vbur.biz
• zmkvlsvkbfnuez.ru
• tr1yy6lxtry1gsts.biz
• MFQ6UWQ3P2HVC8ZN.CN

• https://johannesbader.ch/2015/09/the-dga-of-corebot/

• lkhylm0mhyfuhg.dns.net
• S63234WLUV5V365BWP5.DDNS.NET
• afe6mfy23xcxgfa.dns.net
• 7RSL1F34SFQ0OJ3JWVMFA6C.DNS.NET
• Ir7l3po0gjy8ypqjm8o.ddns.net
• 3lgupwdivsfm2w4kng2iha.ddns.net
• i8a0q2wdu8otulkfylo2gdq.dnns.net
• kh1her76avy0qnelivijwd1.ddns.net
• ubgp1f1han7lu410eh5.ddns.net
• ulier8knadmpmmdm4wti6oro.dns.net

• https://blog.xlab.qianxin.com/uncovering_darkcracks_payload_delivery_framework_cn/#part2-runner%e5%88%86%E6%9e%90

• stdfugagjl.com
• evdfugagjl.com
• avdfugagjl.com
• mvdfugagjl.com
• ivdfugagjl.com
• uvdfugagjl.com
• qvdfugagjl.com
• ytcfugagjl.com
• ktcfugagjl.com
• gtcfugagjl.com

• http://johannesbader.ch/2015/03/the-dga-f-dircrypt/

• rauggyguyp.com
• llulzza.com
• mluztamhnngwgh.com
• mycojenxktsmozzthdv.com
• inbxvqkegiapgv.com
• furiararji.com
• zrkdvzjhse.com
• wyuhdsdttczd.com
• hpaxgpkteomjaxywwelr.com
• mydojltbqjnwailiya.com

• https://johannesbader.ch/2016/01/the-dga-in-alureon-dnschandger/

• aktklyvbiu.com
• zgimjzlnrl.com
• tcfejerekw.com
• tfunnjmxt.com
• ydvlfkguw.com

• vhkintjtksyxgjrz.net
• btpnxlsfdqbhzazyx.net
• ukfmknjdenthvktgc.net
• qupxsrhrhrmuooonqrit.net
• gjsbydmrpfzsmnfiu.net
• indpsqbetcpcqprx.net
• gwrdmhyjfcpcutmhp.net
• bwzcypcbmnlpfsw.net
• twkpwfuecvzcincq.net
• pdwfuxgnahmgsxhit.net

• app2.winsoft0.com
• app2.winsoft1.com
• app2.winsoft2.com
• app2.winsoft3.com
• app2.winsoft4.com
• app2.winsoft5.com
• app2.winsoft6.com
• app2.winsoft7.com
• app2.winsoft8.com
• app2.winsoft9.com

• http://www.govcert.admin.ch/blog/18/gazi-aisfb-when-a-bug-rely-is-a-fatuure

• quodpresidenteaxsatiat.cit。
• pertantumfitusu.com
• indulgentiarumlicet.com
• moriblasphemianegoci.com
• ptribueretnossetnonin.com
• nonsicordinario.com
• svivacpecunias.com
• instimabiler.com
• ulpurgatoripetrum.com
• Papacricagonitistro.com

• https://johannesbader.ch/2015/12/krakens-two-domain-ganration-algorithms/

• ibbwnhgh.mooo.com
• rbqdxflojkj.mooo.com
• Smhburg.deyndns.org
• bltjhzqp.dyndns.org
• clwafrfuuxq.yi.org
• cffxugijxn.yi.org
• ivxcxbj.dynserv.com
• etllejr.dynserv.com
• otpxmk.mooo.com
• ejfjyd.mooo.com

• https://johannesbader.ch/2015/12/krakens-two-domain-ganration-algorithms/

• xpdbwuimwag.com
• nwpegpjtx.com
• smmyuhxlt.net
• xjvyvnzivt.net
• lvctmusxcyz.tv
• lvctmusxcyz.tv
• cjuszcfwo.cc
• egbmbdey.cc
• wjxaprgne.com
• vxbuggxhrgi.com

• https://blogs.forcepoint.com/security-labs/lockys-new-dga-seeding-newドメイン

• gegjiimqmlgtdmk.tf
• pccibcjncnhnhn.yt
• rddipikmrap.us
• mmhmkqfc.be
• vkcims.pm
• qtysmobytagnrv.it
• suhpqiumpjsv.ru
• cscfbwbhs.uk

• https://malpedia.caad.fkie.fraunhofer.de/details/win.m0yv
• YouTubeビデオ「M0YVのドメイン生成アルゴリズムのシンクホルズ」

dga.pyの時間独立バージョン、 dga-td.pyの時間依存バージョン。

• Pywolwnvd.biz
• ssbzmoy.biz
• cvgrf.biz
• npukfztj.biz
• przvgke.biz
• Zlenh.Biz
• knjghuig.biz
• uhxqin.biz
• anpmanmxo.biz
• lpuegx.biz

• 31b4bd31fg1x2.org
• 31b4bd31fg1x2.tikkets
• 31b4bd31fg1x2.blackfriiy
• 31B4BD31FG1X2.HOSTING
• 31b4bd31fg1x2.feedback
• 3F8C8079FD4C5.ORG
• 3F8C8079FD4C5.Tickets
• 3F8C8079FD4C5.BLACKFRIDAY
• 3F8C8079FD4C5.HOSTING
• 3F8C8079FD4C5.FEDBACK

• https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/

• giywshrgxcvoqgvrkthmfa.ru
• XAIQPBRGYMBRWMZGIGRGDSK.COM
• amgqularpzxepztxenbx.net
• pfscijijbmhyfiyjgorggugtkbqyh.org
• xglfcmsgorvwfilhmzlcxxvkfege.info
• rcteqwkequojntibvvfyfaluwh.biz
• mjfqylbiaunfuaeunzdqdwscu.ru
• qobeylpxgpknptukydqvklztg.com
• rgwgizukficdgetwsxovtcknwkfm.info
• betgyaeswxorwcvsdezdupb.org

• https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/

• cmqvxtpnibli.biz
• cmqvxtpnibli.com
• rloqpoiongsuwyq.net
• rloqpoiongsuwyq.org
• zsophzovtfor.info
• Zsophzovtfor.biz
• nlifthjnbgenfweq.org
• nlifthjnbgenfweq.com
• hyktttqsssssmvkoc.info
• hykpttqsssssmvkoc.org

• https://johannesbader.ch/2015/09/three-variants-of-murofets-dga/

• nxlya47huo61czerb18o51e11d30i55gycwe31lx.ru
• jwdzptm69p62izcve41f22k37oyj16g63fqote11.com
• P42P52NVD50IZKAZAQE21LVO21PYCQOTP2E61.NET
• B28N40I25B68GTE41O61DWC19HTC29JWGXIQFZBR.ORG
• ktirhsn50kzc49b58cyf32fwh14h64dzgxiqcz.info
• BRE41HVC29KRI15EWPWDSAZJYN40P52KWE21GW.BIZ
• N30MWHSSXFQ51J56LUNSG13O11HYD60EWF52NU.RU
• HVCSJXD20MZM29D40NZNUNTA27C29KYI55FUN50.COM
• nzosg133oymzg63ntpxaro51btkvfyoshrk27.info
• CZFSN20EXG53NZCQCRGRG43EXF62B28P22PYD50LU.ORG

• qehspqnmrn.info
• mmhaesqar.in
• pwprhnqn.in
• mrspmramrn.in
• Arphansaqh.com
• hrhspsrenn.net
• aepaaaemrm.com
• wsaehwase.in
• arwrseqssh.com
• ewamspqwha.ws

• http://johannesbader.ch/2015/02/the-dgas-fnecurs/

• nccojqvavavkiwhj.mx
• hodwwywnmmbi.ac
• aianeaoinf.mu
• CCECGGC.US
• mffffmgtplxbyagbtegh.com
• thlxuwnadtdtsm.biz
• edkomqpeufjyafccj.in
• mxomklaqu.pw
• nvuttwteltin.tv
• nhysbiomr.ir

• https://johannesbader.ch/2014/12/the-dga-f-newgz/

• xzz3ug32baale1uo60yy7xj6rge.com
• 1HYZMW3L2PHYCETT8HZR2DO34.NET
• 2PQ821CFEM5M1MDUA46PXG7BJ.BIZ
• unlm9w9l8upy1kde0kba7ktf.org
• 1ixhw3p1ncr3cf1pjfrpz14n1u0e.com
• 1O460KTPDHNA1K0LK3ECWUJXN.NET
• 183t0wjzlthe51wigptk4rl29.org
• 1I3UX5A1HJ6NDQEJMXOXONE45G0V.NET
• 5MCD71MBUTPB1TGLU0S4P0LRF.COM
• n3i5yn19w82vmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmp1k1l4xrjg.org

• netlab-およびlinux.ngioweb botnetの分析
• netlab- linux.ngioweb botnetのクイックアップデート、今ではIoTデバイスを追いかけています

minihileth-subadofy.org revodihudom.info enisobure-netidimadom-minikevuship.org semiriddenction-postepudney.com prolefexity-disorisance.org nonebazish-disahiblen-misehuraage.name ilolupage-nonurisudize-miniikazolike.net seicofaxiful-enixakor-subafapean.info overedaxive-nonameranel prevozari-microfemly.info

• oftbpec.com
• lotmpwyk.info
• seikpwq.info
• bcfatyltdvp.info
• rfwstgy.com
• hokybhnf.biz
• evlovrxuw.net
• mtzpbzbfvy.info
• hackkgiakhl.com
• mosmeuw.net

• https://johannesbader.ch/2018/04/the-new-domain-ganration-algorithm-of-nymaim/

• Surfies-drawing.com
• Shaft-Cririon.cc
• stops-hash.id
• unitsknowledge.com
• wiredgraph.tm
• 時間
• stablelikely.ch
• stainless-loan.lk
• Wagon-Documents.sc
• TrainerProcssors.tk

• http://johannesbader.ch/2016/03/the-dga-f-padcrypt/

• elkfcfnacacmofdf.com
• mkmeeeffnfdmbm.de
• ffcdcnbmmnaddcd.com
• ddkfodnaadmbmofo.co.uk
• efneboaodnmbecoa.co
• bafomkfalcfcdkom.info
• onlmcdadnacfclc.com
• dcfmdfbobkmafa.com
• lmmmfdccmnfnmfdl.co
• kkknconmceeeemlnm.com

• https://johannesbader.ch/2019/07/the-dga-f-pitou/

• -------------+
• koohoavab.net |
• koohoavac.net |
• koohoavad.net |
• koohoavaf.net |
• Koohoavag.net |
• Koohoavah.net |
• Koohoavaj.net |
• koohoavak.net |
• koohoaval.net |

• https://blog.avast.com/2013/06/18/your-facebook-connection-nn-secured/

• huffernyly.net
• Dollarnerly.net
• 困難なpossible.net
• DollarPossible.net
• edelynation.net
• Escapenation.net
• edelypleasure.net
• escapepleasure.net
• eearlynearly.net
• ESCAPENEARLY.NET

• https://johannesbader.ch/2016/06/proslikefan/

• frarvcpk.eu
• stjneohiod.biz
• vcevvkc.se
• qylptiin.info
• bsvisbttr.com
• hjiknr.net
• arpeiezki.org
• gobqca.ru
• tivqfahrmxdl.in
• smutloo.name

• weafokuggeir.kz
• sictemuborug.kz
• cirpicficj.kz
• geijanmap.kz
• fuxhuxsabi.kz
• siclisozdokq.kz
• sozcoqnafrex.kz
• Qeobifups.kz
• cokoqdeah.kz
• latqafbuxwic.kz

• http://johannesbader.ch/2015/03/the-dga-f-pykspa/

• uamskmq.org
• jqplflktas.info
• rybwtr.net
• uyznvxlof.info
• gakmqiw.com
• wewsvat.net
• owhadwkskevw.net
• nkndlzhjgrpc.info
• ISYPSZQU.NET
• jobbaamoyt.info

• http://johannesbader.ch/2015/07/pykspas-inferior-dga-version/

• lfwhgin.com
• Guququaiq.Biz
• wctymo.net
• lovefjsfox.com
• oruhbanansnan.cc
• mkncjk.biz
• Yunonsuiwcyma.net
• yxpojufqbex.com
• qhxgzuffbex.cc
• yywiywiq.biz

• https://www.johannesbader.ch/2016/04/the-dga-f-qadars/

• jk9enwhansl2.org
• SDQFODMF81M7.NET
• 5uro1uzspejk.net
• ub4hinsduf0p.net
• zs9ijo1er81u.com
• 0T67C5ARW9YF.NET
• lev41encha38.net
• 67k1q3c1mr8x.org
• 7w1yf49irk5m.net
• gdunwhq7s9qb.org

• https://johannesbader.ch/2016/02/the-dga-f-qkbot/

• bqkrtxgkmriwsiwcngtivpx.info
• jdtmfupdyueqeldvhsjzdvzob.net
• guhmpoxzivhba.com
• nqqxqhuacaqhzurde.org
• lgqsqgpqzijwid.info
• ykolycdcyk.biz
• ztvflnxqzpxvffvv.biz
• zqrmkpivrbxcawozqwqpfzh.org.org
• iqyqwhntrxfeq.org
• ftadkbomxlnsib.info

• https://www.kyberturvalisuuuskskus.fi/en/news/qsnatch-malware-designed-qnap-nas-devices

• https://johannesbader.ch/blog/the-dga-f-qsnatch/

• T2Q2R.CF
• gc9nz.tk
• 07tvvc.com
• 7ubqo.ml
• 53bcm.de
• 6zltf.rocks
• hv7uv.mx
• nypno.biz
• qkzccy.net
• rassb.cn

• https://johannesbader.ch/2014/12/the-dga-f-ramnit/

• knpqxlxcwtlvgrdyhd.com
• nvlyfua.com
• hgyudheedieibxy.com
• analylixwcbnjopdd.com
• vrndmdrdrdrjoff.com
• jhghrlufoh.com
• tqjhvylf.com
• hufqifjq.com
• itktxexjghvvxa.com
• ppyblahb.com

• http://johannesbader.ch/2015/05/the-dga-of-ranbyus/

• ikwoqkwuajpbyx.com
• nukpdrluwlfox.pw
• rcnxisuibbadng.in
• wbqtidjvsdiwe.me
• Jrdyumcieyipnv.cc
• yvyfwikefxitk.su
• tviurcntxylxnj.tw
• lycyrvfcemepfm.net
• epddeuukdimbpft.com
• trbhxhmbsikoaq.pw

• http://johannesbader.ch/2015/09/ranbyuss-dga-revisited/

• jxbdxeyxttdmcjagi.me
• IQMADIBFHNSSADM.CC
• gdoldaognceaedkke.su
• jnbnyrmxmplfgstk.tw
• ucjetnyaitygjidva.net
• jejocqwtcbuymvao.com
• stuctjsqfxghcesyw.pw
• gfidctymbxiaqyuyk.in
• ojrqwrlhesfshawva.me
• bqjqvwwjirftwkjel.cc

このDGAには、予測不可能なシード、つまりその種としてのGetTickCountがあります。私はまだリストしています

• e5zhail0mw.com
• gabbvk2o6s.com
• cump2a4d7.com
• 5ESWMWNQYF.com
• lexfszyuwp.com
• jzpesspff.com
• umiarnijet.com
• shr0xe9idm.com
• Nycex7wlcf.com
• vciznqxwpo.com

• 64F30398ECDA3BF.XYZ
• F008FC473FDDDC4.LIVE
• CFBADAF0CD7B0AC3.COM
• b8d28386413029fe.store
• 99C485497C079A09.INFO
• 6D54B683FC2CC58F.TOP
• abb7547058fef9fb.net

• https://johannesbader.ch/2015/01/the-dga-of-shotob/

• wtipubctwiekhir.net
• rwmu35avqo12tqc.com
• rskb5bsfhm2fk5h.net
• rbp9pprrxgflut9.com
• zzzxeyzgy45yy2a.net
• e3oa4wglvd21xa.com
• mqmq1hvmtxzjv.net
• pd4o4wu24vimn.com
• tlmrzvppsqsb.net
• pbmz59uzndpo.com

• http://johannesbader.ch/2015/03/the-fsimda-shiz/

• gatyfus.com
• lyvyxor.com
• vojyqem.com
• qtyfuv.com
• puvyxil.com
• gahyqah.com
• lyryfyd.com
• vocyzit.com
• QGYQAQ.com
• purydyv.com

• https://www.johannesbader.ch/2016/06/the-dga-f-sisron/

• mdiwnjiwmtya.com
• mdewnjiwmtya.com
• mzewntiwmtya.com
• mzawntiwmtya.com
• mjkwntiwmtya.com
• mjgwntiwmtya.com
• mjcwntiwmtya.com
• mjywntiwmtya.com
• mjuwntiwmtya.com
• mjqwntiwmtya.com

• http://www.rsaconfection.com/writable/presentations

• 旅
• 破壊する
• に対して
• 夜
• 内で
• 努力
• 通り
• より良い
• 夫
• 少し

• http://johannesbader.ch/2015/01/the-dga-f-symmi/

• ogovoguipawi.dns.net
• afowkaupbabe.ddns.net
• ipkureLeakm.dns.net
• hegiruqo.dns.net
• luimreim.ddns.net
• Tiakquoahuvu.dns.net
• loelkuanduur.dns.net
• Agdehukoev.dns.net
• giagkuekorla.ddns.net
• leufiroqipomu.dns.net

• https://github.com/baderj/domain_generation_algorithms/tree/master/tempedreve/images

• dlbebsga.net
• enqbgrmt.com
• xjlwpfnk.info
• ebabkjcx.org
• hvisietg.net
• svyjglen.com
• glknxfgq.info
• adodulah.org
• jgrxrxwh.net
• ctmrgbmz.com

• http://johannesbader.ch/2015/04/new-top- domains-for-tinbas-dga/

• Blackfreeqyio.cc
• nvfowikhevmy.com
• nvfowikhevmy.net
• nvfowikhevmy.in
• nvfowikhevmy.ru
• sjhuqlwrqhqx.com
• sjhuqlwrqhqx.net
• sjhuqlwrqhqx.in
• sjuqlwrqhqx.ru
• pxgonyogee.com

• dbqwpmpnrusywj.com
• qxmubfleztlnkx.com
• rrnywowowowowowqgmjvnltg.com
• rqnjdvzpsmbuw.com
• utoiopxjrphvoiy.org
• toouemmmmnxnmj.com
• nmjsourlgveecj.org
• juprvzxqotonvs.biz
• nmjsoourllgveecj.biz
• dotqwjmhqlushjlo.biz

• albdfhln.com
• alcgkown.com
• aldjpvqt.com
• alemuown.com
• alfpmrnq.org
• algspqt.org
• alhvrytw.org
• aliyuown.org
• aljnwpy.org
• alkpmrnq.net

• ddknt.github.io
• ddktn.github.io
• ddnkt.github.io
• ddntk.github.io
• ddtkn.github.io
• ddtnk.github.io
• dkdnt.github.io
• dkdtn.github.io
• dkndt.github.io
• dkntd.github.io

• https://johannesbader.ch/2015/11/a-javascript based-dga/

• rxxeqoy.cc
• kmymbyzd.co
• cfukbzbmg.eu
• sblwtafc.cc
• lqdoacat.co
• dplmjcjic.eu
• Ttukaiwjdx.cc
• meimklqh.co
• enmxqcxhtl.eu
• unmias.cc

• http://www.threatget.com/2016/11/vawtrak-dga-round-2.html

• usahwtutu.com
• folocnam.com
• awumsah.com
• edorwufli.com
• misocutah.com
• edarwotda.com
• melarwetdic.com
• uscnitdohg.com
• regomseh.com
• osicnumd.com

• 1d78e50d.com
• 1d78e50d.net
• 1d78e50d.org
• 1d78e50d.duckdns.org
• 2b04216f.com
• 2b04216f.net
• 2b04216f.org
• 2b04216f.duckdns.org
• 2e1d985c.com
• 2E1D985C.NET

• https://johannesbader.ch/blog/the-dga-of-zloader/

• gdurfdsywubjaqchrh.com
• vudktykcecigekhtwwqn.com
• jcaofaekffeojktmpdax.com
• iphrhkculpnubvvxnbh.com
• bjdbgbjdyredhfyvpie.com
• wramitvqeojeaeceajxoj the.com
• ohyjybhgogaeabjqvpie.com
• fsktelyeogmxudotlao.com
• nsdtxvnwtxjwhbuqfe.com
• bohchavtvhbejwcmekvo.com