I hereby claim:
- I am baderj on github.
- I am baderj (https://keybase.io/baderj) on keybase.
- I have a public key whose fingerprint is 7530 7937 A795 95FD AB48 22BB AC3C 4431 B7A7 41E6
To claim this, I am signing this object:
import argparse | |
import sqlite3 as lite | |
import os | |
from collections import defaultdict | |
def _open_db(db): | |
try: | |
con = lite.connect(db) | |
cur = con.cursor() | |
return (cur,con) |
wtipubctwiekhir.net | |
rwmu35avqo12tqc.com | |
rskb5bsfhm2fk5h.net | |
rbp9pprrxgflut9.com | |
zzxeyzgy45yy2a.net | |
e3oa4wglvd21xa.com | |
mqmq1hvmtxzjv.net | |
pd4o4wu24vimn.com | |
tlmrzvpbpsqsb.net | |
pbmnz59uzndpo.com |
import argparse | |
""" | |
Shiotob DGA | |
Generates domains for the Shiotob malware | |
- top level domains alternate between '.net' and '.com' | |
- domains are between 14 and 19 characters long | |
- domains consist of all letters and digits 123945 |
10006520 ; =============== S U B R O U T I N E ======================================= | |
10006520 | |
10006520 ; Attributes: bp-based frame | |
10006520 | |
10006520 ; int __cdecl create_domain(int third_lvl_len, int second_and_top_lvl, size_t type) | |
10006520 create_domain proc near ; CODE XREF: calls_create_next_url+A30p | |
10006520 ; sub_1000B530+1A6p ... | |
10006520 | |
10006520 first_letters = dword ptr -0Ch | |
10006520 second_letters = dword ptr -8 |
I hereby claim:
To claim this, I am signing this object:
# see http://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/ | |
import argparse | |
class RandInt: | |
def __init__(self, seed): | |
self.seed = seed | |
def rand_int_modulus(self, modulus): | |
ix = self.seed |
import hashlib | |
from datetime import datetime, timedelta | |
import argparse | |
def dga(date, key): | |
for min17 in range(1020): | |
seed = 8*[0] | |
seed[0] = (date.year & 0xFF + 0x30) & 0xFF | |
seed[1] = date.month & 0xFF |
import argparse | |
def get_domains(nr, how_many): | |
bases = { | |
1: { | |
'length': 7, | |
'tld': 'com', | |
'key': '1676d5775e05c50b46baa5579d4fc7', | |
'base': 0x45AE94B2 | |
}, |
Tinba Seeds | |
=========== | |
DGA described here: http://garage4hackers.com/entry.php?b=3086 | |
## Sample 241182633670431857e068736088c737 | |
harddomain: blackfreeqazyio.cc | |
seed: jc74FlUna852Ji9o | |
malwr link: https://malwr.com/analysis/OTQ3NjYzNmUyZDQ2NGY2YTk1NDNjNmYxYTdlMmQ1MjM/ |
import argparse | |
import sqlite3 as lite | |
import os | |
def _open_db(db): | |
try: | |
con = lite.connect(db) | |
cur = con.cursor() | |
return (cur,con) | |
except lite.Error as e: |