DGA is one of the classic techniques botnets use to hide their C2s: the attacker only needs to selectively register a very small number of C2 domains, while for the defenders it is difficult to determine in advance which domain names will be generated and registered. 360 Netlab has long focused| 360 Netlab Blog - Network Security Research Lab at 360
Prologue: On February 24, 2025, NBC News reported: "Television equipment at the Washington, D.C. headquarters of the U.S. Department of Housing and Urban Development (HUD) suddenly played an unauthorized AI-generated video. In the video, President Donald Trump bends down to kiss Elon Musk's toes, with the prominent caption LONG LIVE THE REAL KING. Staff were unable to turn it off and were forced to unplug all the televisions." The incident quickly drew heated public debate and wide discussion. Cybersecurity...| 奇安信 X 实验室
Introduction The Dutch tax authorities state that a managing Director/Shareholder (DGA) must be paid a salary of at least € 56.000. This is not obligatory! The Dutch tax authorities introduced this minimum salary requirement so that a Dutch B.V. can’t pay dividends to its DGA before at least € 56.000 of salary is paid to […] The post The Director/Shareholder Minimum Salary (DGA) appeared first on Bolder Launch.| Bolder Launch
Summary XLab's Cyber Threat Insight and Analysis system (CTIA) recently detected a sophisticated malicious payload delivery and upgrade framework, which we have named DarkCracks. This framework is characterized by its zero detection rate on VirusTotal, high persistence, stealth, and a well-designed upgrade mechanism, leveraging high-performance, stable online infrastructure as its| 奇安信 X 实验室
Summary: Our XLab Cyber Threat Insight and Analysis system recently captured a malicious payload delivery and upgrade framework with zero detections on VirusTotal, high persistence, high stealth, a thoroughly designed upgrade mechanism, and high-performance, stable online devices as its infrastructure. From our data, this malware, which we have named DarkCracks, is well engineered, and the attackers behind it are by no means ordinary script kiddies. Although we now have a full picture of its payload delivery and upgrade framework, because of its high stealth, its Launcher component has, as of...| 奇安信 X 实验室
Infoblox Threat Intel exposes registered DGAs (RDGAs), the novel DGAs used by threat actors like Revolver Rabbit to deliver XLoader, Hancitor, and other malware| Infoblox Blog
A domain generation algorithm is a routine/program that generates a domain dynamically. Think of the following example: an actor registers the domain evil.com. The corresponding backdoor has this domain hardcoded into its code. Once the attacker infects a target with this malware, it will start contacting its C2 server. As soon as a security company … DGAs – Generating domains dynamically| Malware and Stuff
This very short post shows the Domain Generation Algorithm of BumbleBee, a loader for Cobalt Strike or other malware.| Binary Reverse Engineering Blog
Video that shows the DGA of the fileinfector m0yv and results of sinkholing domains for over a year.| Binary Reverse Engineering Blog
The Orchard malware uses a domain generation algorithm (DGA) that is seeded both by the current date and by the current balance of the Bitcoin genesis block.| Binary Reverse Engineering Blog
Domain generation algorithms are relatively straightforward to program and usually bug free. Not so the new DGA of BazarLoader, which goes haywire during the summer months.| Binary Reverse Engineering Blog
Bazar Loader decided to change its perfectly fine domain generation algorithm (DGA) once again. The change in the algorithm is very minor, but it yields more domain names.| Binary Reverse Engineering Blog
This blog post shows yet another domain generation algorithm of Bazar Loader. Although it still uses exclusively the .bazar top level domain and similar seeding, the algorithm itself is completely new.| Binary Reverse Engineering Blog
This blog post is about the faulty domain generation algorithm found in some BazarLoader samples. The DGA not only uses an invalid TLD, it also occasionally generates invalid characters for the second-level domain.| Binary Reverse Engineering Blog
DGA is a classic technique botnets use to evade detection. It works by applying a DGA algorithm, combined with a specific seed and the current date, to periodically generate a large number of domain names, of which the attacker selectively registers only a very few. For defenders, because it is difficult to determine in advance which domains will be generated and registered, defense is extremely hard. 360 Netlab has long focused on research into botnet attack and defense techniques, maintains a dedicated DGA algorithm and intelligence library, and shares its research results with the industry through intelligence subscriptions. Recently we...| 360 Netlab Blog - Network Security Research Lab at 360