Common Information
Value: Domain Generation Algorithms - T1483
Category: Attack-Pattern
Type: Mitre-Attack-Pattern
Misp Type: Cluster
Description: Adversaries may make use of Domain Generation Algorithms (DGAs) to dynamically identify a destination for command and control traffic rather than relying on a list of static IP addresses or domains. This has the advantage of making it much harder for defenders to block, track, or take over the command and control channel, as there potentially could be thousands of domains that malware can check for instructions.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Unit 42 DGA Feb 2019)

DGAs can take the form of apparently random or “gibberish” strings (ex: istgmxdejdnxuyla.ru) when they construct domain names by generating each letter. Alternatively, some DGAs employ whole words as the unit by concatenating words together instead of letters (ex: cityjulydish.net). Many DGAs are time-based, generating a different domain for each time period (hourly, daily, monthly, etc.). Others incorporate a seed value as well to make predicting future domains more difficult for defenders.(Citation: Cybereason Dissecting DGAs)(Citation: Cisco Umbrella DGA)(Citation: Talos CCleanup 2017)(Citation: Akamai DGA Mitigation)

Adversaries may use DGAs for the purpose of [Fallback Channels](https://attack.mitre.org/techniques/T1008). When contact is lost with the primary command and control server, malware may employ a DGA as a means of reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
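The description contrasts letter-by-letter DGAs (istgmxdejdnxuyla.ru) with word-based ones (cityjulydish.net). As an added example that is not part of the MITRE or MISP text, the following Python scores the registrable label of each queried name with character-level features (Shannon entropy, vowel ratio, consonant runs) over a constructed DNS query log, and shows that the word-based form passes such heuristics untouched; the thresholds, the log format and the single-label TLD assumption are all constructed here.

```python
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed sample DNS query log (not from the page), one query per line:
# "<timestamp> <client> <qtype> <qname>".
SAMPLE_QUERIES = """\
2024-05-01T10:00:01Z 10.0.0.21 A example.com
2024-05-01T10:00:02Z 10.0.0.21 A istgmxdejdnxuyla.ru
2024-05-01T10:00:03Z 10.0.0.34 A cityjulydish.net
""".splitlines()

def registrable_label(domain: str) -> str:
    """Label left of the TLD; assumes a one-part suffix (co.uk not handled)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s: str) -> float:
    """Bits per character from the label's character histogram."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def longest_consonant_run(s: str) -> int:
    """Longest run of letters other than a, e, i, o, u (y counts as a consonant)."""
    run = best = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def vowel_ratio(s: str) -> float:
    letters = [c for c in s if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0

def looks_like_char_dga(domain: str) -> bool:
    """Character-level heuristic: a long label that is high-entropy, vowel-starved
    or has a long consonant run. Thresholds are constructed starting points."""
    label = registrable_label(domain)
    return len(label) >= 8 and (
        shannon_entropy(label) >= 3.5
        or longest_consonant_run(label) >= 5
        or vowel_ratio(label) < 0.2
    )

def flag_queries(lines) -> list:
    """Queried names from log lines ("... <qname>") that trip the heuristic."""
    names = (line.split()[-1] for line in lines if line.strip())
    return [name for name in names if looks_like_char_dga(name)]
```

Word-based labels such as cityjulydish score like ordinary English, so this kind of heuristic needs to be paired with dictionary or NXDOMAIN-volume checks to cover the second DGA form the description mentions.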
Related references (Type | Published | Attributes | CTI Title)
Website | 2022-06-07 | 8 | Using Entropy in Threat Hunting: a Mathematical Search for the Unknown
Website | 2022-04-27 | 57 | UNC2452 Merged into APT29 | Russia-Based Espionage Group
Website | 2022-01-01 | 288 | Shadowpad/technical-indicators at main · SentineLabs/Shadowpad
Website | 2021-12-06 | 0 | DNS Security: Ongoing Community Work to Mitigate Domain Name System (DNS) Security Threats – Verisign Blog
Website | 2021-07-13 | 15 | A BazarLoader DGA that Breaks Down in the Summer
Website | 2021-04-15 | 11 | BazarLoader deploys a pair of novel spam vectors
Website | 2020-12-21 | 3 | SolarWinds/SUNBURST: DGA or DNS Tunneling?
Website | 2020-12-18 | 74 | Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers - Microsoft Security Blog
Website | 2020-12-17 | 91 | Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations | CISA
Website | 2020-12-16 | 43 | UNC2452 Threat Actor Group Threat Intel Advisory | Threat Intelligence | CloudSEK
Website | 2020-12-13 | 49 | SolarWinds Supply Chain Attack Uses SUNBURST Backdoor
Website | 2019-10-25 | 1 | QSnatch - Malware designed for QNAP NAS devices | NCSC-FI
Website | 2019-02-07 | 12 | An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
Website | 2019-01-17 | 19 | Fighting Back Against Phishing and Fraud—Part 1
Website | 2018-12-16 | 0 | Basic Understanding of Command and Control Malware Server
Website | 2018-11-30 | 0 | 5 Tips for Uncovering Hidden Cyberthreats with DNS Analytics
Website | 2018-08-15 | 9 | Necurs Targeting Banks with PUB File that Drops FlawedAmmyy - Cofense
Website | 2018-04-18 | 51 | How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: Blockchain Infrastructure Use | Mandiant
Website | 2018-02-14 | 0 | You Need a New Approach to Stop Evasive Malware | Radware Blog
Website | 2018-01-02 | 0 | 8 Steps to Start Threat Hunting
Website | 2017-10-18 | 161 | Virus Bulletin :: VB2019 paper: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error
Website | 2017-07-13 | 70 | Necurs Delivers
Website | 2016-12-06 | 0 | Explained: Domain Generating Algorithm | Malwarebytes Labs
Website | 2016-11-18 | 3 | Using deep learning to detect DGAs
Website | 2016-10-10 | 44 | Domain Generation Algorithms - Why so effective?