Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pchaigno/dga-collection
A collection of known Domain Generation Algorithms
dga dga-collection malware
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/pchaigno/dga-collection
- Owner: pchaigno
- License: mit
- Created: 2015-01-15T21:23:34.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2016-04-04T18:17:40.000Z (over 8 years ago)
- Last Synced: 2024-10-13T22:47:23.475Z (2 months ago)
- Topics: dga, dga-collection, malware
- Language: Python
- Size: 33.2 KB
- Stars: 67
- Watchers: 8
- Forks: 24
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# DGA Collection
[![Build Status](https://travis-ci.org/pchaigno/dga-collection.svg?branch=master)](https://travis-ci.org/pchaigno/dga-collection)
[![Coverage Status](https://coveralls.io/repos/github/pchaigno/dga-collection/badge.svg?branch=master)](https://coveralls.io/github/pchaigno/dga-collection?branch=master)

A collection of known [Domain Generation Algorithms](https://en.wikipedia.org/wiki/Domain_generation_algorithm):
- [Torpig](https://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf)
- [ZeusBot](http://vrt-blog.snort.org/2014/03/decoding-domain-generation-algorithms.html)
- [Cryptolocker](https://blog.fortinet.com/post/a-closer-look-at-cryptolocker-s-dga)
- [Necurs](http://www.johannesbader.ch/2015/02/the-dgas-of-necurs/)
- [Symmi](http://www.johannesbader.ch/2015/01/the-dga-of-symmi/)
- [Ranbyus](http://www.johannesbader.ch/2015/05/the-dga-of-ranbyus/)

## Usage
For each DGA, the list of domains can be easily generated:
```python
from datetime import date
from Necurs import Necurs

# Compute domains for the current day/period:
Necurs.domains()

# Compute domains for a given date:
Necurs.domainsFor(date(2015, 1, 20))
```

The `couldUseDomain` method can also prove useful to help classify domains:
```python
Necurs.couldUseDomain('thislabelcontainsaz.biz')
# => False

Necurs.couldUseDomain('boymlujtgp.nu')
# => True
```

## Contributing
Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for instructions on how to add a new DGA.
## License
This project is under the [MIT license](LICENSE).
It uses results from reverse-engineering analyses published on various blogs including:
- [Johannes Bader's blog](http://www.johannesbader.ch)
- [VRT blog](http://vrt-blog.snort.org)
- [Fortinet blog](https://blog.fortinet.com)