Tagbazarloader

A Look Back at BazarLoader’s DGA

A

I was recently asked a question about DGA and I was unsatisfied with my explanation, so I wanted to write a quick post on DGA, what it is, and how it works. I learned a lot going through this exercise and I hope you enjoy it. What is DGA? A Domain Generation Algorithm (DGA) is a technique used by malware authors to generate new domain names for malware command and control. Typically malware will...

BazarLoader – Back From Holiday Break

B

We recently observed a Bazarloader campaign at $dayjob, kicking off the return of maldoc campaigns after the holidays. This campaign piqued my interest after it hit on my SPLCrypt Yara rule that I wrote a while back, so I figured why not do a quick write-up and share that rule out. If there are any errors in this post, please feel free to reach out to me for corrections. I’m still learning...