The Defective Domain Generation Algorithm of BazarBackdoor

This blog post is about the faulty domain generation algorithm found in some BazarBackdoor samples. The DGA not only uses an invalid tld, it also occasionally generates invalid characters for the second level domain.

Article Link: https://johannesbader.ch/blog/the-buggy-dga-of-bazarbackdoor/