| ID | Name |
|---|---|
| ATAGS-T1185.001 | Fast Flux DNS |
| ATAGS-T1185.002 | Domain Generation Algorithms |
| ATAGS-T1185.003 | DNS Calculation |
Threat Actors may make use of Domain Generation Algorithms (DGAs) to dynamically identify a destination domain for command and control traffic rather than relying on a list of static IP addresses or domains. This has the advantage of making it much harder for defenders to block, track, or take over the command and control channel, as there potentially could be thousands of domains that malware can check for instructions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.