www.marc-blanchard.com
87.98.134.15  Public Scan

Submitted URL: http://www.marc-blanchard.com/
Effective URL: http://www.marc-blanchard.com/BotInvaders/
Submission: On March 16 via manual from TW — Scanned from FR

Form analysis 0 forms found in the DOM

BAZARBACKDOOR VERSION 1

BazarBackdoor (also known as BazarLoader or Team9 Backdoor) is an alternate development of the dreaded TrickBot Trojan.
NOTICE: the DGA changes each month.
Thanks to Johannes Bader for reversing and implementing the DGA.

BAZARBACKDOOR VERSION 2

BazarBackdoor Version 2 is another DGA version.
NOTICE: the DGA uses special characters; this is normal.
Thanks to Johannes Bader for reversing and implementing the DGA.

ZOMBIE NECURS

The Necurs botnet is a historical network previously used for the distribution of Locky ransomware and Dridex, but today it distributes other malware.
C&C servers are numerous and use a DGA.

NYMAIM

Nymaim gained banking and information-stealing capabilities.
Its C&C infrastructure uses fast-flux networks and DGA techniques.

ZOMBIE COREBOT

CoreBot is a rather sophisticated banking malware and information stealer.
C&C servers are numerous and CoreBot uses a DGA.

CHINAD

Chinad's activities commonly consist of downloading/uploading files and dropping other malware onto the infected system.
Its C&C servers are unstable and are located with DGA methods.

QAKBOT

Qakbot uses powerful information-stealing features to spy on users' banking activity and defraud them of large sums of money.
C&C servers constantly change through DGA methods.

ZLOADER

Zloader is part of the Sphinx banking Trojan.
ZLoader has resurfaced to take advantage of government relief payments amid COVID-19, and it uses DGA techniques.

PIZD

PiZd is an important botnet. Its implant has over 1000 variants.
Variants use a DGA to reach their C&C servers.

NEWGOZ

Some mutations of the original GameOver Zeus have constantly appeared, dubbed newGOZ.
The new DGA technique is not related to the original GameOver Zeus DGA but bears some resemblance to it.
The DGA is used to keep implants updated through the C&C servers.

PITOU

Pitou is a spambot using anti-sandbox features and a Domain Generation Algorithm for C&C discovery (thanks to @viql for analysis & code).

TEMPEDREVE PART OF URSNIF FAMILY

Tempedreve arrives on a system as a file dropped by other malware and uses a daily Domain Generation Algorithm for its C&C.

TELERU

TeleRU is the first observed Android APK-related DGA.
Thanks to Liang Jinjin for reversing and implementing the DGA.

QADARS

Qadars is a botnet targeting EU victims to spy on users' bank accounts.
Qadars may also infect an Android mobile device; it can monitor all user activity and hijack text messaging, Facebook users, online sports betting users, and e-commerce.
C&C servers constantly change through DGA methods.

MATSNU

The Matsnu botnet uses a DGA that pulls nouns and verbs from a built-in list of more than 1,300 words to form domains that are 24-character phrases.
The DGA generates new domains every 24 hours.

PADCRYPT

Padcrypt is a ransomware. Each day, new domains are used.
Attachments apply one of the daily DGA lists.

PROSLIKEFAN

Proslikefan is a worm script. It sends exfiltrated data to new domains every day.
The newest domains are generated with DGA techniques.

LOCKY

Locky ransomware has incorporated a domain name generation algorithm to improve the resilience of its command-and-control (C&C) communications.
Its DGA techniques change over time, given how regularly the malware is updated with new functionality incorporating new attack techniques.

PYKSPA

Pykspa is a worm that accesses the list of Skype contacts and sends a chat message to each contact.
It extracts personal user information from the machine and communicates with remote servers by using a Domain Generation Algorithm (DGA).

RANBYUS

Ranbyus bypasses payment transaction signing and authentication with smartcard devices.
It also extracts personal user information from banking/payment software and sends it to remote servers by using a Domain Generation Algorithm (DGA).


MUROFET

Murofet, aka LICAT, is related to ZeuS.
It uses a Domain Generation Algorithm (DGA) to determine the current C2 domain names. Thanks to Johannes Bader for reversing the DGA.

SISRON

Sisron is a financial fraud and identity theft botnet. Its infrastructure has been sinkholed, but on some victims activity continues.
Its Domain Generation Algorithm (DGA) is simple but remains worth monitoring. Thanks to Johannes Bader for reversing the DGA.


SYMMI

Symmi is a botnet with functionality to open a back door on the compromised computer, which allows it to download malicious files.
Its Domain Generation Algorithm (DGA) lets Symmi send and receive information and malware.


MYDOOM BOTNET

MyDoom has several methods of impact, but its main attacks are DDoS.
MyDoom uses a DGA for its P2P communications and also for some Command and Control servers.


CONFICKER

Versions A, B and C stay alive!
Most hosts are sinkholed, but the infection persists.

--------------------------------------------------------------------------------
OPEN SOURCE REAL TIME MALWARE INFORMATION VERSION 1.0
SHARING IS CARING !
COPYLEFT 2020 - NO RIGHTS RESERVED


KEYWORDS: BOT INVADERS, BOTNET TRACKER, MALWARE, DOMAIN NAME, IOC, DOMAIN GENERATION ALGORITHMS, DGA