From PDNS: Another fix length of 7, a-z. tlds: [ru, com]

  • The range of 3ld is from ‘update’ to ‘update33’.
  • Sample domains from PDNS.
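As an added example (not code from the issue or from the repository it belongs to), the cluster shape described above, a third-level label from `update` to `update33`, a 7-letter a-z second-level label and a `ru` or `com` TLD, turned into a check that runs over PDNS export lines and groups hits by registered domain, so that domains seen with several `update` siblings stand out. The line format (whitespace-separated rrname, rrtype, rdata, count) and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Shape from the issue: 3ld 'update'..'update33', 7-char a-z SLD, TLD ru or com.
DGA_RE = re.compile(r"^(update(\d{1,2})?)\.([a-z]{7})\.(ru|com)$")
MAX_SUFFIX = 33


def is_candidate(fqdn):
    """Return (3ld, sld, tld) if fqdn matches the cluster's shape, else None."""
    m = DGA_RE.match(fqdn.strip().lower().rstrip("."))
    if not m:
        return None
    third, num, sld, tld = m.groups()
    # Reject leading zeros ('update01') and counters beyond the observed 33.
    if num is not None and (num != str(int(num)) or int(num) > MAX_SUFFIX):
        return None
    return third, sld, tld


def cluster_by_sld(records, min_labels=2):
    """Group matching A records by registered domain and keep the domains
    that carry at least min_labels distinct 'update' siblings."""
    seen = defaultdict(set)
    for rec in records:
        fields = rec.split()
        if len(fields) < 3 or fields[1] != "A":
            continue
        hit = is_candidate(fields[0])
        if hit:
            third, sld, tld = hit
            seen[f"{sld}.{tld}"].add(third)
    return {dom: sorted(labels) for dom, labels in seen.items()
            if len(labels) >= min_labels}


# Constructed sample PDNS lines (rrname rrtype rdata count); not real data.
SAMPLE_PDNS = """\
update.bcmeays.ru A 203.0.113.10 4
update0.bcmeays.ru A 203.0.113.10 3
update1.bcmeays.ru A 203.0.113.10 1
update.buicfza.com A 203.0.113.11 2
update34.buicfza.com A 203.0.113.11 1
update01.buicfza.com A 203.0.113.11 1
update.mycorp.com A 198.51.100.5 9
www.galnpfd.ru A 203.0.113.12 1
update.hdpnrvz.ru NS ns1.hdpnrvz.ru 1
""".splitlines()

if __name__ == "__main__":
    for dom, labels in cluster_by_sld(SAMPLE_PDNS).items():
        print(dom, labels)
```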

Top GitHub Comments

baderj commented, Dec 11, 2017

There is a DGA in the binary. It generates a new domain every 10 seconds.

```c
void __stdcall __noreturn query_fake_domains(LPVOID lpThreadParameter)
{
  signed int i; // esi@1
  int attempts; // esi@3
  CHAR full_domain; // [esp+4h] [ebp-80h]@4
  char domain[4]; // [esp+44h] [ebp-40h]@2

  while ( 1 )
  {
    do
    {
      i = 0;
      do
        domain[i++] = rand() % 25 + 'a';   // seven lowercase letters; rand() % 25 yields only 'a'..'y'
      while ( i < 7 );
      *&domain[i] = 'ur.';                 // multi-char constant stored little-endian: appends ".ru"
      attempts = 0;
    }
    while ( number_of_resolves <= 0 );
    do
    {
      wsprintfA(&full_domain, pFakeDomainPattern, attempts, domain);  // prefix pattern + counter + random label
      if ( inet_addr(domain) == -1 && !gethostbyname(domain) )
        Sleep(1000u);
      Sleep(10000u);                       // one lookup every 10 seconds
      ++attempts;
    }
    while ( attempts < number_of_resolves );
  }
}
```

https://imgur.com/a/GU5ti

The PRNG is seeded with GetTickCount and the domains are therefore not predictable. The domains look like the hardcoded domains though, and I think they are used as decoys.

suqitian commented, Dec 19, 2017

Found an analysis article on this issue; unfortunately, it is in Chinese: http[:]//www.freebuf.com/column/153424.html. Also found another hash with this DGA:

MD5:      54b5e6ae6a4eb6139b10d4ad25df32c2
SHA1:     9f479661020ccb94792315b2ae07738bdb4912cb
SHA256: 4cef263eba381523aa3ad23235e9d512028f41466f2ad1f4319ea4aa8c4d562d