top of page

Search

The DGA family Orchard continues to change

Stormsec
Aug 5, 2022
1 min read

DGA is a classic botnet adversarial detection technology. Its principle is to use a certain DGA algorithm, combined with a specific seed and the current date, to generate a large number of domain names on a regular basis, and the attacker only selectively registers a very small number of them.

REFERENCE: https://blog.netlab.360.com/orchard-dga/

TAGS: botnet , xmrig , dga , orchard

MALWARE FAMILY: Orchard

ATT&CK IDS: T1094 - Custom Command and Control Protocol, T1583.005 - Botnet, T1483 - Domain Generation Algorithms

Read More:

https://otx.alienvault.com/pulse/62ecea54201d22e433bfcac8

Recent Posts

UNC961: Three Encounters with a Financially Motivated Threat Actor

UNC961: Three Encounters with a Financially Motivated Threat Actor

DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid De

DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid De

Stealing the LIGHTSHOW — North Korea's UNC2970

Stealing the LIGHTSHOW — North Korea's UNC2970

Comments

Commenting on this post isn't available anymore. Contact the site owner for more info.

bottom of page