Skip to content

T1637.001 Domain Generation Algorithms

Adversaries may use Domain Generation Algorithms (DGAs) to procedurally generate domain names for uses such as command and control communication or malicious application distribution.2

DGAs increase the difficulty for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.

Item Value
ID T1637.001
Sub-techniques T1637.001
Tactics TA0037
Platforms Android, iOS
Version 1.0
Created 05 April 2022
Last Modified 05 April 2022

Procedure Examples

ID Name Description
S1067 FluBot FluBot can use Domain Generation Algorithms to connect to the C2 server.4
S0485 Mandrake Mandrake has used domain generation algorithms.3
S0411 Rotexy Rotexy procedurally generates subdomains for command and control communication.2
S1055 SharkBot SharkBot contains domain generation algorithms to use as backups in case the hardcoded C2 domains are unavailable.5