expiro - seeds

[unglaublicherdude]

Hi, is the expiro algorithm also date-sensitive? We try to figure out how to get a seed by date so we can precalculate the domains for blocking. Any idea?

[baderj]

I did not find an obvious routine that calculates the seed, so I assumed it is time-insensitive. The previous DGA, which I did not yet bother to reverse, was time-insensitive (with domains like hdecub-ydyg.ru). Since the new DGA emerged in December 2021, the seed did not change so I think there is a big chance that it is indeed time-independent.

But it would hurt to check for yourself if you have the time and of course I would be very much interested to learn if the seed is not fixed.

[baderj]

It turns out there is a time dependent variant, but it is not nearly as widespread as the static DGA. You can find the dynamic version in the m0yv folder.