# Domain Generation Algorithm (DGA): Python Implementation
Ways to disseminate the DGA seed:
(1) Spread inside the bot config (easy but insecure);
(2) Generate based on the GetSystemInfo & GetCurrentUser etc. (local environment) (more secure)
(3) Pull additional websites based off the seed websites’ HTML source code . Example,
ROEbG92ZXJhaW4ueHl6ROE
# ROE is a marker for Base64-encoded loverain.xyz
1.
# -*- coding: utf-8 -*-
import hashlib
def md5_dga(seed):
var = hashlib.md5() # hash the seed using the entry algorithm
var.update(seed) name =
var.hexdigest() # cut all the strings after the 10th one
part = name[:10]
return “{}.xyz”.format(part)
seed = “cm9jayduJ3JvbGw=” # ASCII: rock’n’roll
for x in range(12):
seed = md5_dga(seed)
print seed
2.
# -*- coding: utf-8 -*-
import hashlib
dga_dictionary = [‘btc’, ‘love’, ‘bit’,‘rain’,‘drop’]
def dictionary_dga(seed):
ln = len(dga_dictionary) # check the maximum length of the DGA dictionary
if ln * ln <= seed:
return False # choose 2 words
first = seed / ln
last = seed % ln # create an address concatenating variable 1 + variable 2
addr = “{}{}.xyz”.format(dga_dictionary[first],dga_dictionary[last])
return addr
for x in range(20):
print dictionary_dga(x)
Reverse Engineering, Malware Deep Insight 