DGA (Domain Generation Algorithm) is a classic technique botnets use to resist detection and takedown. A DGA, seeded with a specific value and the current date, periodically generates a large number of candidate domain names, of which the attacker selectively registers only a very small number.
REFERENCE: https://blog.netlab.360.com/orchard-dga/
MALWARE FAMILY: Orchard
ATT&CK IDS: T1094 - Custom Command and Control Protocol, T1583.005 - Botnet, T1483 - Domain Generation Algorithms