This blog post is about the faulty domain generation algorithm found in some BazarLoader samples. The DGA not only uses an invalid tld, it also occasionally generates invalid characters for the second level domain.| Binary Reverse Engineering Blog
