Domain Generation Algorithms (DGA)
The use of algorithms in malware to periodically generate a large number of domain names which function as rendezvous points for malware command and control servers.  
Tactic: Adversary Opsec
Detection
Detectable by Common Defenses (Yes/No/Partial): Partial
Explanation: It is possible to detect the use of DGAs; however, defenders have largely not been successful at mitigating the domains because they are generally registered less than an hour before they are used and disposed of within 24 hours.
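One way to act on the detection point above, as an added example that is not part of the original page. It assumes that a host running a DGA produces many NXDOMAIN answers for random-looking names, because only a few of the generated domains are ever registered; the log format, thresholds and all names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log: (client_ip, queried_name, response_code).
# Random-looking names use the reserved .example TLD.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "documentation.example", "NXDOMAIN"),  # one-off typo
    ("10.0.0.9", "qxkzjvwpyhbt.example", "NXDOMAIN"),
    ("10.0.0.9", "mfrgplzkwvqd.example", "NXDOMAIN"),
    ("10.0.0.9", "hbxtnqjwyzkc.example", "NXDOMAIN"),
    ("10.0.0.9", "vdkpwzqgjxlm.example", "NXDOMAIN"),
    ("10.0.0.9", "tyjqkbxwzfnh.example", "NXDOMAIN"),
    ("10.0.0.9", "rnbqkzvwpxjd.example", "NOERROR"),  # the one that resolved
    ("10.0.0.9", "www.example.org", "NOERROR"),
]

def shannon_entropy(label):
    """Bits per character; random strings tend to score higher than words."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_generated(name, min_len=10, min_entropy=3.0):
    # Naive: takes the label left of the TLD, ignoring multi-part suffixes.
    parts = name.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def suspect_hosts(log, min_nx=5):
    """Flag clients with many distinct random-looking NXDOMAIN lookups.

    For each flagged client, also list random-looking names that DID
    resolve: those are the candidate rendezvous domains to investigate.
    """
    nx, resolved = defaultdict(set), defaultdict(set)
    for client, name, rcode in log:
        if not looks_generated(name):
            continue
        if rcode == "NXDOMAIN":
            nx[client].add(name.lower())
        elif rcode == "NOERROR":
            resolved[client].add(name.lower())
    return {c: {"nxdomain": sorted(nx[c]), "resolved": sorted(resolved[c])}
            for c in nx if len(nx[c]) >= min_nx}

if __name__ == "__main__":
    for host, hits in suspect_hosts(SAMPLE_LOG).items():
        print(host, len(hits["nxdomain"]), "NX; resolved:", hits["resolved"])
```

The entropy test alone also matches the benign typo from 10.0.0.5, which is why the per-host count of distinct failures is what separates the two clients.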
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: This technique does not require a significant amount of sophistication while still being highly effective. It was popularized by the Conficker worms but is prevalent in crimeware such as Murofet and BankPatch.