End-to-End Analysis of a Domain Generating Algorithm Malware Family
Common Information
| Type | Value |
|---|---|
| UUID | a0ce726d-f28c-478d-be7b-58e717ef6e79 |
| Fingerprint | 983d50714d888afd98d8e6b37d5da9567be29af7844cdf396902ce4240dd1289 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 19, 2013, 1:05 p.m. |
| Added to db | April 14, 2024, 4:05 a.m. |
| Last updated | Aug. 31, 2024, 6:09 a.m. |
| Headline | End-to-End Analysis of a Domain Generating Algorithm Malware Family |
| Title | End-to-End Analysis of a Domain Generating Algorithm Malware Family |
| Detected Hints/Tags/Attributes | 179/3/247 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 30.com |
|
| Details | Domain | 9 | blog.threatexpert.com |
|
| Details | Domain | 1 | www.cs.ut.ee |
|
| Details | Domain | 5 | www.damballa.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 16 | www.hex-rays.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 158 | aol.com |
|
| Details | Domain | 1 | 1800reminders.com |
|
| Details | Domain | 1 | deluxeforbusiness.com |
|
| Details | Domain | 2 | yahoogroups.com |
|
| Details | Domain | 4 | facebookmail.com |
|
| Details | Domain | 1 | geico.com |
|
| Details | Domain | 1 | nwa.com |
|
| Details | Domain | 287 | yahoo.com |
|
| Details | Domain | 179 | hotmail.com |
|
| Details | Domain | 21 | comcast.net |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 1 | collegeearly.net |
|
| Details | Domain | 1 | twelvedistant.net |
|
| Details | Domain | 1 | weathereearly.net |
|
| Details | Domain | 1 | electricanother.net |
|
| Details | Domain | 1 | flierinstead.net |
|
| Details | Domain | 1 | nightstream.net |
|
| Details | Domain | 1 | smallbusiness.yahoo.com |
|
| Details | Domain | 1 | www.omnis.com |
|
| Details | Domain | 1 | morningpaint.net |
|
| Details | Domain | 1 | nightdifferent.net |
|
| Details | Domain | 1 | quietsoldier.net |
|
| Details | Domain | 1 | weatherdivide.net |
|
| Details | Domain | 1 | withinshould.net |
|
| Details | Domain | 1 | amountcondition.net |
|
| Details | Domain | 1 | collegebeside.net |
|
| Details | Domain | 1 | wouldstrong.net |
|
| Details | Domain | 1 | riddenspring.net |
|
| Details | Domain | 1 | sufferfence.net |
|
| Details | Domain | 1 | heardstrong.net |
|
| Details | Domain | 1 | variousopinion.net |
|
| Details | Domain | 1 | heavyairplane.net |
|
| Details | Domain | 1 | husbandbuilt.net |
|
| Details | Domain | 1 | degreeanimal.net |
|
| Details | Domain | 1 | nightwagon.net |
|
| Details | Domain | 1 | quietcharacter.net |
|
| Details | Domain | 1 | recordwelcome.net |
|
| Details | Domain | 1 | presentrealize.net |
|
| Details | Domain | 1 | quietfurther.net |
|
| Details | Domain | 1 | tradegovern.net |
|
| Details | Domain | 1 | oftenbridge.net |
|
| Details | Domain | 1 | middleuntil.net |
|
| Details | Domain | 1 | www.intracom.com |
|
| Details | Domain | 1 | www.intrakat.gr |
|
| Details | Domain | 1 | electricflower.net |
|
| Details | Domain | 1 | gatherstranger.net |
|
| Details | Domain | 1 | largesister.net |
|
| Details | Domain | 1 | quietstation.net |
|
| Details | Domain | 1 | ratherminute.net |
|
| Details | Domain | 1 | chieflabor.net |
|
| Details | Domain | 1 | morninglisten.net |
|
| Details | Domain | 1 | destroysafety.net |
|
| Details | Domain | 1 | sufferseparate.net |
|
| Details | Domain | 1 | forgetdress.net |
|
| Details | Domain | 1 | orderbranch.net |
|
| Details | Domain | 1 | glasstrust.net |
|
| Details | Domain | 1 | remembernothing.net |
|
| Details | Domain | 1 | riddeninstead.net |
|
| Details | Domain | 1 | sufferpeople.net |
|
| Details | Domain | 1 | ordercourse.net |
|
| Details | Domain | 1 | variousstream.net |
|
| Details | Domain | 1 | glassbright.net |
|
| Details | Domain | 1 | answerletter.net |
|
| Details | Domain | 1 | gentlecondition.net |
|
| Details | Domain | 1 | tradelength.net |
|
| Details | Domain | 1 | decideneither.net |
|
| Details | Domain | 1 | fliernorth.net |
|
| Details | Domain | 1 | streetlaughter.net |
|
| Details | Domain | 1 | breadsafety.net |
|
| Details | Domain | 1 | nighteearly.net |
|
| Details | Domain | 1 | twelveduring.net |
|
| Details | Domain | 1 | collegehonor.net |
|
| Details | Domain | 2 | myprivateregistration.com |
|
| Details | Domain | 1 | morningbelieve.net |
|
| Details | Domain | 1 | weathertrust.net |
|
| Details | Domain | 1 | thickstream.net |
|
| Details | Domain | 1 | morningready.net |
|
| Details | Domain | 1 | increaseoffice.net |
|
| Details | Domain | 1 | chairdinner.net |
|
| Details | Domain | 1 | journeystorm.net |
|
| Details | Domain | 1 | antaragroup.org |
|
| Details | Domain | 1 | ahai-group.com |
|
| Details | Domain | 1 | azrhgroup.com |
|
| Details | Domain | 1 | kpl-business.com |
|
| Details | Domain | 1 | logicom-holding.com |
|
| Details | Domain | 1 | trust-core.net |
|
| Details | Domain | 1 | int-group.us |
|
| Details | Domain | 1 | international-wire.com |
|
| Details | Domain | 1 | itpservices.us |
|
| Details | Domain | 1 | mtkoffice.co.uk |
|
| Details | Domain | 1 | intracomfinancial.com |
|
| Details | Domain | 1 | intracombusiness.com |
|
| Details | Domain | 1 | fastwire.us |
|
| Details | Domain | 1 | omnis.com |
|
| Details | Domain | 1 | www.pageglance.com |
|
| Details | Domain | 1 | rhgroup.co.uk |
|
| Details | Domain | 1 | www.ripoffreport.com |
|
| Details | Domain | 1 | www.ivetriedthat.com |
|
| Details | Domain | 1 | www.scam.com |
|
| Details | Domain | 105 | web.archive.org |
|
| Details | Domain | 1 | www.bobbear.co.uk |
|
| Details | Domain | 1 | rbs-partners.com |
|
| Details | Domain | 1 | domain.tech |
|
| Details | Domain | 1 | yahoo-inc.com |
|
| Details | Domain | 1 | webexperts.co |
|
| Details | Domain | 3 | aruba.it |
|
| Details | Domain | 1 | contactprivacy.com |
|
| Details | Domain | 1 | mojodirecto.com |
|
| Details | Domain | 36 | domaintools.com |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 53 | blog.avast.com |
|
| Details | Domain | 2 | service.mcafee.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | 1 | billing@deluxeforbusiness.com |
||
| Details | 1 | consultant_fiscal-unsubscribe@yahoogroups.com |
||
| Details | 1 | fbmessage+fepvdccz@facebookmail.com |
||
| Details | 1 | geico_claims@geico.com |
||
| Details | 1 | northwest.airlines@nwa.com |
||
| Details | 1 | rgilleyiii@yahoo.com |
||
| Details | 1 | surianomarco977@yahoo.com |
||
| Details | 1 | robertwseifert@yahoo.com |
||
| Details | 1 | gilleyiiir@yahoo.com |
||
| Details | 1 | marcosuriano241@yahoo.com |
||
| Details | 1 | markemr611@yahoo.com |
||
| Details | 1 | clintmbertke@yahoo.com |
||
| Details | 1 | jerome_engel@yahoo.com |
||
| Details | 1 | timothygirvinz@yahoo.com |
||
| Details | 1 | lynchashlylynn@yahoo.com |
||
| Details | 1 | clintmbertke@aol.com |
||
| Details | 1 | seifertrobertw@yahoo.com |
||
| Details | 1 | darrylgbucher@yahoo.com |
||
| Details | 1 | coxkassandra@yahoo.com |
||
| Details | 1 | emmetmax@yahoo.com |
||
| Details | 1 | percymarley@yahoo.com |
||
| Details | 1 | donnybonham184@yahoo.com |
||
| Details | 1 | alankimberley@yahoo.com |
||
| Details | 1 | nettanathanson@yahoo.com |
||
| Details | 1 | shaynestafford@yahoo.com |
||
| Details | 1 | degreeanimal@yahoo.com |
||
| Details | 1 | marcosuriano21@yahoo.com |
||
| Details | 1 | marcosuriano86@yahoo.com |
||
| Details | 1 | rothken@yahoo.com |
||
| Details | 1 | surianom32@yahoo.com |
||
| Details | 1 | marodarco932@yahoo.com |
||
| Details | 1 | guessley_lacrete@yahoo.com |
||
| Details | 1 | guinesslacrete@yahoo.com |
||
| Details | 1 | largesistersite@yahoo.com |
||
| Details | 1 | lacreteguessley@yahoo.com |
||
| Details | 1 | ratherminute@yahoo.com |
||
| Details | 1 | chieflabor@yahoo.com |
||
| Details | 1 | morninglisten@yahoo.com |
||
| Details | 1 | tripplarryg@yahoo.com |
||
| Details | 1 | guessley.lacrete@yahoo.com |
||
| Details | 1 | guesslyme@yahoo.com |
||
| Details | 1 | lacrete.guessley@yahoo.com |
||
| Details | 1 | lacreteguessley34@yahoo.com |
||
| Details | 1 | girvint@yahoo.com |
||
| Details | 1 | timothygirvin@yahoo.com |
||
| Details | 1 | ricchioike@yahoo.com |
||
| Details | 1 | iricchio@yahoo.com |
||
| Details | 1 | greglheesch@yahoo.com |
||
| Details | 1 | markemr591@yahoo.com |
||
| Details | 1 | ike2ricchio4@yahoo.com |
||
| Details | 1 | markemr847@yahoo.com |
||
| Details | 1 | gilleyiiirichardmoir@yahoo.com |
||
| Details | 1 | grichardmoir@yahoo.com |
||
| Details | 1 | markemr378@yahoo.com |
||
| Details | 1 | rothkai@yahoo.com |
||
| Details | 1 | markemr442@yahoo.com |
||
| Details | 1 | richardmoirgilleyiii@yahoo.com |
||
| Details | 1 | marcosuriano785@yahoo.com |
||
| Details | 1 | girvintimothy@yahoo.com |
||
| Details | 1 | markemr899@yahoo.com |
||
| Details | 1 | ashlylynnlynch@yahoo.com |
||
| Details | 1 | mark2emr5@aol.com |
||
| Details | 1 | groweno@yahoo.com |
||
| Details | 1 | lucasrogerson@yahoo.com |
||
| Details | 1 | sadieashley747@yahoo.com |
||
| Details | 1 | intgroup99@yahoo.com |
||
| Details | 1 | gmiaek@yahoo.com |
||
| Details | 1 | fastwire999@yahoo.com |
||
| Details | 1 | eg6254@yahoo.com |
||
| Details | 1 | sonnymarial@aol.com |
||
| Details | 1 | rgffi12@gmail.com |
||
| Details | 1 | anitar002@aol.com |
||
| Details | 1 | richardmoir.gilleyiii@aol.com |
||
| Details | File | 1 | kraken-changes-tactics.html |
|
| Details | File | 252 | www.cs |
|
| Details | File | 1 | imc104-yadav.pdf |
|
| Details | File | 1 | wp_dgas-in-the-hands-of-cyber-criminals.pdf |
|
| Details | File | 1 | xzseqwspulaosugiingat.exe |
|
| Details | File | 1 | xzseqwswatch_dog_name.exe |
|
| Details | File | 61 | search.php |
|
| Details | File | 1 | northwest.ai |
|
| Details | File | 1 | 7b5qd.htm |
|
| Details | File | 32 | showthread.php |
|
| Details | File | 1 | interpaygroup.html |
|
| Details | File | 1 | itp.html |
|
| Details | File | 1 | mtk.html |
|
| Details | File | 1 | intracom.html |
|
| Details | File | 1 | fastwire-group.html |
|
| Details | File | 1 | faqdocument.aspx |
|
| Details | File | 31 | writeup.jsp |
|
| Details | File | 18 | entry.aspx |
|
| Details | Url | 1 | http://blog.threatexpert.com/2008/04/kraken-changes-tactics.html |
|
| Details | Url | 1 | http://www.cs.ut.ee/~koit/kt/imc104-yadav.pdf |
|
| Details | Url | 1 | https://www.damballa.com/downloads/r_pubs/wp_dgas-in-the-hands-of-cyber-criminals.pdf |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/one-time_pad |
|
| Details | Url | 1 | https://www.hex-rays.com/products/decompiler/index.shtml |
|
| Details | Url | 1 | http://www.crowdstrike.com/community-tools |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/email_address#local_part |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/nicolae_gu%c5%a3%c4%83 |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/romani_people |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/manele |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/costi_ioni%c8%9b%c4%83 |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/adrian_minune |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/florin_salam |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/whois |
|
| Details | Url | 1 | http://smallbusiness.yahoo.com |
|
| Details | Url | 1 | http://www.omnis.com |
|
| Details | Url | 1 | http://en.wikipedia.org/wiki/sokratis_kokkalis |
|
| Details | Url | 1 | http://www.intracom.com |
|
| Details | Url | 1 | http://www.bgf.hu/kkk/szervezetiegysegeink/oktatasiszervezetiegysegek/nemzgazdszinttan/nemetto/hirek |
|
| Details | Url | 1 | http://www.intrakat.gr/en/the-company/message-from-the-managing-director |
|
| Details | Url | 1 | http://www.intrakat.gr |
|
| Details | Url | 1 | http://www.pageglance.com/rhgroup.co.uk |
|
| Details | Url | 1 | http://www.ripoffreport.com/home-based-business/rbs-partners-us-wire/rbs-partners-us-wire-wire-ri- |
|
| Details | Url | 1 | http://www.ivetriedthat.com/2011/05/04/beware-of-kpl-business-com |
|
| Details | Url | 1 | http://www.scam.com/showthread.php?t=117139&page=23 |
|
| Details | Url | 1 | http://web.archive.org/web/20091115114219/http://www.bobbear.co.uk/interpaygroup.html |
|
| Details | Url | 1 | http://web.archive.org/web/20091213093221/http://www.bobbear.co.uk/itp.html |
|
| Details | Url | 1 | http://web.archive.org/web/20090922163916/http://www.bobbear.co.uk/mtk.html |
|
| Details | Url | 1 | http://web.archive.org/web/20100505083203/http://www.bobbear.co.uk/intracom.html |
|
| Details | Url | 1 | http://www.bobbear.co.uk/fastwire-group.html |
|
| Details | Url | 7 | http://www.virustotal.com |
|
| Details | Url | 1 | https://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured |
|
| Details | Url | 1 | http://service.mcafee.com/faqdocument.aspx?id=ts100414 |
|
| Details | Url | 2 | http://www.symantec.com/security_response/writeup.jsp?docid=2010 |
|
| Details | Url | 1 | http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=trojan%3awin32%2fsuppobo |
|
| Details | Windows Registry Key | 582 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |