Common Information

Type | Value
---|---
Value | Domain Generation Algorithms - T1483
Category | Attack-Pattern
Type | Mitre-Attack-Pattern
Misp Type | Cluster
Description | Adversaries may make use of Domain Generation Algorithms (DGAs) to dynamically identify a destination for command and control traffic rather than relying on a list of static IP addresses or domains. This has the advantage of making it much harder for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Unit 42 DGA Feb 2019) DGAs can take the form of apparently random or "gibberish" strings (ex: istgmxdejdnxuyla.ru) when they construct domain names by generating each letter. Alternatively, some DGAs employ whole words as the unit by concatenating words together instead of letters (ex: cityjulydish.net). Many DGAs are time-based, generating a different domain for each time period (hourly, daily, monthly, etc.). Others incorporate a seed value as well to make predicting future domains more difficult for defenders.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Talos CCleanup 2017)(Citation: Akamai DGA Mitigation) Adversaries may use DGAs for the purpose of [Fallback Channels](https://attack.mitre.org/techniques/T1008). When contact is lost with the primary command and control server, malware may employ a DGA as a means of reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
CTI | Published | Attributes | Title
---|---|---|---
Website | 2022-06-07 | 8 | Using Entropy in Threat Hunting: a Mathematical Search for the Unknown
Website | 2022-04-27 | 57 | UNC2452 Merged into APT29 \| Russia-Based Espionage Group
Website | 2022-01-01 | 288 | Shadowpad/technical-indicators at main · SentineLabs/Shadowpad
Website | 2021-12-06 | 0 | DNS Security: Ongoing Community Work to Mitigate Domain Name System (DNS) Security Threats – Verisign Blog
Website | 2021-07-13 | 15 | A BazarLoader DGA that Breaks Down in the Summer
Website | 2021-04-15 | 11 | BazarLoader deploys a pair of novel spam vectors
Website | 2020-12-21 | 3 | SolarWinds/SUNBURST: DGA or DNS Tunneling?
Website | 2020-12-18 | 74 | Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers - Microsoft Security Blog
Website | 2020-12-17 | 91 | Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations \| CISA
Website | 2020-12-16 | 43 | UNC2452 Threat Actor Group Threat Intel Advisory \| Threat Intelligence \| CloudSEK
Website | 2020-12-13 | 49 | SolarWinds Supply Chain Attack Uses SUNBURST Backdoor
Website | 2019-10-25 | 1 | QSnatch - Malware designed for QNAP NAS devices \| NCSC-FI
Website | 2019-02-07 | 12 | An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
Website | 2019-01-17 | 19 | Fighting Back Against Phishing and Fraud—Part 1
Website | 2018-12-16 | 0 | Basic Understanding of Command and Control Malware Server
Website | 2018-11-30 | 0 | 5 Tips for Uncovering Hidden Cyberthreats with DNS Analytics
Website | 2018-08-15 | 9 | Necurs Targeting Banks with PUB File that Drops FlawedAmmyy - Cofense
Website | 2018-04-18 | 51 | How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: Blockchain Infrastructure Use \| Mandiant
Website | 2018-02-14 | 0 | You Need a New Approach to Stop Evasive Malware \| Radware Blog
Website | 2018-01-02 | 0 | 8 Steps to Start Threat Hunting
Website | 2017-10-18 | 161 | Virus Bulletin :: VB2019 paper: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error
Website | 2017-07-13 | 70 | Necurs Delivers
Website | 2016-12-06 | 0 | Explained: Domain Generating Algorithm \| Malwarebytes Labs
Website | 2016-11-18 | 3 | Using deep learning to detect DGAs
Website | 2016-10-10 | 44 | Domain Generation Algorithms - Why so effective?