Select malware families have used Domain Generating Algorithms (DGAs) over the past few years in an effort to evade analysts’ abilities to predict attackers’ control servers. This presentation demonstrates end-to-end analysis of a DGA malware family, from binary deobfuscation to DGA analysis, to sinkholing, to domain registrant research, to attribution of the malware’s author and accomplices.