Benign DGA from TcpRoute2
suqitian opened this issue · comments
- A cluster from our LTCA(Long tail cluster algorithms).
| Date | Hostname |
|---|---|
| 20170418 | 1492462334dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170418 | 1492459806dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170418 | 1492462441dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170418 | 1492460830dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170418 | 1492462508dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170419 | 1492589511dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170419 | 1492590065dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170419 | 1492590773dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170419 | 1492590072dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
| 20170419 | 1492590075dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com |
- Actually, these domains were generated by an application named TcpRoute2.
go func() {
defer wg.Done()
for _, q := range queries {
domain := fmt.Sprint(time.Now().Unix(), "dshsdjhsdsgsevstyhndrdrntrtvsvstbruiuok095g.com")
q.query(domain, recordChan, exitChan)
}
}()
- Do not need to block these queries on DNS service.