The Defective Domain Generation Algorithm of BazarBackdoor

This blog post is about the faulty domain generation algorithm (DGA) found in some BazarBackdoor samples. The DGA not only uses an invalid TLD, it also occasionally generates invalid characters for the second-level domain.

News Reporter