Common Information
Value: Domain Generation Algorithms - T1568.002
Category: Attack-Pattern
Type: Mitre-Attack-Pattern
Misp Type: Cluster
Description: Adversaries may make use of Domain Generation Algorithms (DGAs) to dynamically identify a destination domain for command and control traffic rather than relying on a list of static IP addresses or domains. This has the advantage of making it much harder for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Unit 42 DGA Feb 2019) DGAs can take the form of apparently random or “gibberish” strings (ex: istgmxdejdnxuyla.ru) when they construct domain names by generating each letter. Alternatively, some DGAs employ whole words as the unit, concatenating words together instead of letters (ex: cityjulydish.net). Many DGAs are time-based, generating a different domain for each time period (hourly, daily, monthly, etc.). Others incorporate a seed value as well to make predicting future domains more difficult for defenders.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Talos CCleanup 2017)(Citation: Akamai DGA Mitigation) Adversaries may use DGAs for the purpose of [Fallback Channels](https://attack.mitre.org/techniques/T1008). When contact is lost with the primary command and control server, malware may employ a DGA as a means of reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
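Added example (not part of the MISP record or the ATT&CK text): a defender-side heuristic that scores a domain's second-level label for the two DGA styles the description names, letter-generated "gibberish" (high character entropy, long consonant runs) and word-concatenation (the label splits cleanly into dictionary words). The thresholds and the tiny `WORDS` list are constructed for this demo, and `sld()` assumes a plain two-label domain with no public-suffix handling.

```python
import math
from collections import Counter
from typing import List, Optional

# Constructed mini dictionary for this demo; a real detector would load a full wordlist.
WORDS = {"city", "july", "dish", "data", "bank", "mail", "login", "secure",
         "update", "news", "shop", "cloud"}

def shannon_entropy(label: str) -> float:
    """Bits per character of the label; letter-by-letter DGAs score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def longest_consonant_run(label: str) -> int:
    """Length of the longest unbroken run of consonants (y counted as a consonant)."""
    run = best = 0
    for ch in label:
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def segment_words(label: str, words=WORDS) -> Optional[List[str]]:
    """Split the label into dictionary words (dynamic programming); None if impossible."""
    best: List[Optional[List[str]]] = [None] * (len(label) + 1)
    best[0] = []
    for i in range(1, len(label) + 1):
        for j in range(i):
            if best[j] is not None and label[j:i] in words:
                best[i] = best[j] + [label[j:i]]
                break
    return best[len(label)]

def sld(domain: str) -> str:
    """Second-level label only; no public-suffix handling (assumption for the demo)."""
    return domain.lower().rstrip(".").split(".")[-2]

def classify(domain: str) -> str:
    """Heuristic verdict mirroring the two DGA styles in the technique description."""
    label = sld(domain)
    parts = segment_words(label)
    if parts is not None and len(parts) >= 2:
        return "word-based-dga-suspect"       # e.g. cityjulydish.net
    if len(label) >= 12 and shannon_entropy(label) > 3.5 and longest_consonant_run(label) >= 4:
        return "letter-based-dga-suspect"     # e.g. istgmxdejdnxuyla.ru
    return "benign-looking"
```

Note that the entropy test alone never fires on `cityjulydish.net`, which is why word-based DGAs need the dictionary split, and the split in turn flags legitimate compound names (a hypothetical `databank.com`); in practice such scores are combined with NXDOMAIN volume and registration age rather than used on their own.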
Published | Source | Attributes | CTI Title
2024-11-11 | Website | 2 | Understanding the Different Types of IOCs — Hashes, IPs, URLs, and More
2024-10-29 | Website | 1 | Chenlun’s Evolving Phishing Tactics Target Trusted Brands
2024-10-29 | Website | 5 | Phishmas Comes Early: New Developments in USPS Smishing Attacks - DomainTools | Start Here. Know Now.
2024-10-28 | Website | 9 | Malware Analysis Fundamentals: Classifying and Profiling Threats
2024-10-22 | Website | 96 | Grandoreiro, the global trojan with grandiose ambitions
2024-10-22 | Website | 98 | Grandoreiro banking trojan: overview of recent versions and new tricks
2024-10-22 | Website | 97 | Triad Nexus: Silent Push exposes FUNNULL CDN's ongoing corruption efforts, hosting DGA bulk domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a supply chain attack impacting 110,000+ sites - Silent Push
2024-10-22 | Website | 97 | Triad Nexus: Silent Push exposes FUNNULL CDN hosting DGA domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a polyfill.io supply chain attack impacting 110,000+ sites - Silent Push
2024-10-14 | Website | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats
2024-10-14 | Website | 19 | Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign Targets Brazil With Astaroth Malware
2024-10-11 | Website | 0 | What Are Managed Security Services: Benefits and Solutions
2024-10-10 | Website | 0 | Uncovering Domains Created by Octo2’s Domain Generation Algorithm - DomainTools | Start Here. Know Now.
2024-10-08 | Website | 0 | Cybersecurity Awareness Month 2024 – Securing Our World Against Phishing Attacks
2024-10-02 | Website | 9 | DNS Early Detection - RansomHUB - Breaking the Kill Chain | Infoblox
2024-09-23 | Website | 0 | Why DNS Security Is Important: 3 Real-life Use Cases
2024-09-12 | Website | 41 | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking
2024-07-19 | Website | 56 | New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma
2024-07-17 | Website | 95 | Registered DGAs - RDGAs change threat actor landscape with Revolver Rabbit & XLoader malware | Infoblox
2024-07-16 | Website | 89 | MirrorFace Attack against Japanese Organisations - JPCERT/CC Eyes
2024-04-24 | Website | 5 | Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan
2024-04-11 | Website | 0 | Pod squad: The ultimate guide to catching Kubernetes “kulprits”
2024-03-06 | Website | 16 | US Public School Districts Targeted - MFA Spear Phishing Campaigns On The Rise
2024-01-01 | Website | 81 | CUCKOO SPEAR Part 2: Threat Actor Arsenal