#############################################################
## Manual Page for the Padcrypt DGA
##
## Feed Provided By: John Bambenek of Bambenek Consulting
## jcb@bambenekconsulting.com // http://bambenekconsulting.com
##
#############################################################

FALSE POSITIVE RISK: Low

This DGA is used by Padcrypt ransomware and reveresed by Johannes
Bader and Lawrence Abrams.

There are two different versions of this DGA (both implemented here)
that change daily and generate 24 or 72 domains per day. It only
uses characters: abcdefnolmk and generates 16 characters for the 
domain.

tlds: com, co.uk, de, org, net, eu, info, online, co, cc, website

Reference:
https://johannesbader.ch/2016/03/the-dga-of-padcrypt/
http://www.bleepingcomputer.com/tag/padcrypt/