Common Information
Value: Domain Generation Algorithms - T1483
Category: Attack-Pattern
Type: Mitre-Attack-Pattern
Misp Type: Cluster
Description: Adversaries may make use of Domain Generation Algorithms (DGAs) to dynamically identify a destination for command and control traffic rather than relying on a list of static IP addresses or domains. This has the advantage of making it much harder for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that the malware can check for instructions.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Unit 42 DGA Feb 2019)

DGAs can take the form of apparently random or "gibberish" strings (ex: istgmxdejdnxuyla.ru) when they construct domain names by generating each letter. Alternatively, some DGAs use whole words as the unit, concatenating words together instead of letters (ex: cityjulydish.net). Many DGAs are time-based, generating a different domain for each time period (hourly, daily, monthly, etc.). Others also incorporate a seed value to make predicting future domains more difficult for defenders.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Talos CCleanup 2017)(Citation: Akamai DGA Mitigation)

Adversaries may use DGAs for the purpose of [Fallback Channels](https://attack.mitre.org/techniques/T1008). When contact with the primary command and control server is lost, malware may employ a DGA as a means of reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
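As an added example (not code from this MISP entry, from ATT&CK, or from any of the cited reports), the block below implements a toy DGA in both styles the description names, keyed on a time bucket and a seed, next to the two checks a defender would actually run over DNS telemetry: a per-name Shannon entropy test, which flags the gibberish style but lets the word style through, and a per-client NXDOMAIN-burst test, which catches both because only the handful of domains the operator actually registered will resolve. The seed value, word list, TLDs, client addresses and DNS log records are all constructed for illustration.

```python
"""Added example, not code from the MISP/ATT&CK page: a toy time- and seed-keyed
DGA in the two styles the description names (per-letter and word-concatenation),
plus two defender-side checks.  The seed, word list, TLDs, client addresses and
DNS log records below are all constructed for illustration."""
import datetime
import hashlib
import math
from collections import Counter, defaultdict

TLDS = ("ru", "net", "com")                                                   # constructed
WORDS = ("city", "july", "dish", "river", "stone", "green", "night", "paper")  # constructed


def period_key(when: datetime.datetime, granularity: str = "day") -> str:
    """Time bucket the DGA is keyed on: the domain list changes when it does."""
    fmt = {"hour": "%Y-%m-%d-%H", "day": "%Y-%m-%d", "month": "%Y-%m"}[granularity]
    return when.strftime(fmt)


def _digests(when, seed, count, granularity):
    """Deterministic byte stream from (seed, time bucket, index).  Malware and
    operator compute the same list; a defender who lacks the seed cannot."""
    key = period_key(when, granularity)
    return [hashlib.sha256(f"{seed}:{key}:{i}".encode()).digest() for i in range(count)]


def char_dga(when, seed=0x5EED, count=5, length=16, granularity="day"):
    """'Gibberish' style: one pseudo-random lowercase letter per digest byte."""
    return [
        "".join(chr(ord("a") + b % 26) for b in d[:length]) + "." + TLDS[d[-1] % len(TLDS)]
        for d in _digests(when, seed, count, granularity)
    ]


def word_dga(when, seed=0x5EED, count=5, words=3, granularity="day"):
    """Word style: concatenate dictionary words so the label reads like English."""
    return [
        "".join(WORDS[b % len(WORDS)] for b in d[:words]) + "." + TLDS[d[-1] % len(TLDS)]
        for d in _digests(when, seed, count, granularity)
    ]


def shannon_entropy(s: str) -> float:
    """Bits per character of the label; the maximum is log2(distinct characters)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_random(domain: str, min_len: int = 12, threshold: float = 3.5) -> bool:
    """Per-name heuristic: a long, high-entropy second-level label.  Catches the
    per-letter style; word-based names score like ordinary English and pass."""
    label = domain.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= threshold


def nxdomain_burst(records, min_failures: int = 5):
    """Per-client heuristic that does not depend on how the name looks: a host
    that queries many distinct names and gets NXDOMAIN for them is walking a
    candidate list, since only the few domains the operator registered resolve.
    records: iterable of (client, qname, rcode)."""
    failures = defaultdict(set)
    for client, qname, rcode in records:
        if rcode == "NXDOMAIN":
            failures[client].add(qname)
    return {c: sorted(q) for c, q in failures.items() if len(q) >= min_failures}


# Constructed DNS log: an infected host walking today's word-DGA list, and a
# clean host whose single NXDOMAIN is an ordinary typo.
DEMO_DAY = datetime.datetime(2023, 10, 31)
SAMPLE_RECORDS = [("10.0.0.5", d, "NXDOMAIN") for d in word_dga(DEMO_DAY, count=8)] + [
    ("10.0.0.7", "example.com", "NOERROR"),
    ("10.0.0.7", "wikipedia.org", "NOERROR"),
    ("10.0.0.7", "exmaple.com", "NXDOMAIN"),
]

if __name__ == "__main__":
    for d in char_dga(DEMO_DAY, count=3) + word_dga(DEMO_DAY, count=3):
        print(f"{d:28} entropy={shannon_entropy(d.split('.')[0]):.2f} random={looks_random(d)}")
    print("NXDOMAIN bursts:", nxdomain_burst(SAMPLE_RECORDS))
```

Two practical points follow from the code. The entropy threshold is a tuning knob, not a constant: the page's own examples fall on opposite sides of it (istgmxdejdnxuyla scores about 3.75 bits per character, cityjulydish about 3.25), so it must be calibrated against the organisation's normal traffic and will never catch a word-list DGA on its own. And because every generated name depends on the seed, a defender who wants to pre-register or sinkhole future domains has to recover the seed and the algorithm from the sample itself; per-client NXDOMAIN volume is the check that works before that reverse engineering is done.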
Published | Attributes | CTI Title
2023-10-31 | 0 | 'Prolific Puma' Hacker Gives Cybercriminals Access to .us Domains
2023-10-12 | 32 | Analysing a Widespread Microsoft 365 Credential Harvesting Campaign
2023-10-05 | 31 | RDGAs: The New Face of Domain Generation Algorithms | Infoblox
2023-09-28 | 1 | Machine Learning in Cybersecurity: Clustering for Threat Detection
2023-09-15 | 25 | Bumblebee Loader Resurfaces in New Campaign
2023-08-06 | 0 | DGA Domain Detection with Shannon Entropy Analysis
2023-08-03 | 6 | Ramnit, Jim, I'm a threat hunter, not a doctor! - DomainTools | Start Here. Know Now.
2023-06-28 | 2 | Cato Networks Revolutionizes Network Security With Real-Time, Machine Learning-Powered Protection
2023-06-16 | 2 | Unmasking Malware: Journey into the Digital Abyss (before take-off)
2023-06-07 | 2 | New Research Shows Bot Attacks Are Surging
2023-05-17 | 1 | Model-Assisted Threat Hunting (M-ATH) with the PEAK Framework
2023-04-28 | 1 | 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware
2023-04-24 | 0 | DNS Layer Security Explained. How It Stops Ransomware and Other Cyberattacks
2023-04-15 | 6 | What are Advanced Persistent Threats?
2023-04-11 | 1 | Round-Robin DNS Explained. What It Is and How It Works
2023-04-03 | 17 | Search | arXiv e-print repository
2023-03-06 | 0 | What Is Domain Generation Algorithm? Definition and Role in Malware Attacks
2023-03-03 | 1 | Analyzing Advanced Persistent Threats Using the MITRE ATT&CK Framework: A Case Study of APT10
2023-03-02 | 199 | Russia/Ukraine Update - February 2023
2023-02-20 | 5 | Search | arXiv e-print repository
2023-02-13 | 2 | Natively Integrated Security for Palo Alto Networks Ecosystems Cloud Delivered Security Services (CDSS)
2022-12-20 | 133 | Russia/Ukraine Update - December 2022
2022-11-29 | 132 | Russia/Ukraine Update - November 2022
2022-09-28 | 0 | The web gains 13 million malicious new domains per month
2022-07-14 | 21 | The Domain Generation Algorithms of SharkBot