notes

The DGA of CoreBot

Recently, IBM’s Security X-Force researchers analysed and reported a new banking trojan called CoreBot


Three Variants of Murofet's DGA

Murofet, also called LICAT, is a member of the ZeuS family [1], [2], [3]. It uses a Domain Generation...


The Faulty Precursor of Pykspa's DGA

Pykspa is a worm that spreads over Skype. The malware has been relying on a domain generation algorithm


Win32/Upatre.BI - Part Four: Payload Format

This last article is all about the second stage payload of Upatre. The first part shows how the...
