Domain Generation Algorithms (DGA)

Domain Generation Algorithms (DGA) are used in a variety of malware types to create a large number of domain names for use in communication with command and control (C&C or C2) servers. To update itself autonomously, malware needs a C&C server destination, and that destination is often hard-coded into the malware itself, which makes the server easier for law enforcement and cybersecurity forces to find and shut down. DGAs create a large number of potential communication points and allow malware to reach out to any number of those points, at random, to request updates.

Over the last decade, DGAs have become popular in the Tactics, Techniques and Procedures (TTP) used by threat actors for delivering malware because it can often be difficult for defenders to counter such attacks.
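
One heuristic defenders use against this behaviour, shown as an added example that is not part of the original page: flag clients that make many distinct failed lookups for random-looking names. It assumes most generated names are unregistered and so return NXDOMAIN; the log format, the thresholds and the function names `sld_entropy` and `suspect_clients` are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log (client, queried name, response code); not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "mail.example.org", "NOERROR"),
    ("10.0.0.5", "exmaple.com", "NXDOMAIN"),            # one-off typo
    ("10.0.0.9", "qxvkzjwpnhtr.example", "NXDOMAIN"),
    ("10.0.0.9", "bmfydgkulcwe.example", "NXDOMAIN"),
    ("10.0.0.9", "bmfydgkulcwe.example", "NXDOMAIN"),   # retry, counted once
    ("10.0.0.9", "hzrtqnavxoji.example", "NXDOMAIN"),
    ("10.0.0.9", "pwlsgyecfkdu.example", "NXDOMAIN"),
    ("10.0.0.9", "vjnoxtbqzmra.example", "NOERROR"),    # the one name that resolves
]


def sld_entropy(name):
    """Shannon entropy (bits per character) of the label left of the TLD.

    Assumption: single-label TLDs; a production version would use a
    public-suffix list to find the registrable label.
    """
    labels = name.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def suspect_clients(log, min_entropy=3.0, min_distinct=4):
    """Return {client: sorted names} for clients with at least min_distinct
    distinct NXDOMAIN lookups whose label entropy is >= min_entropy."""
    failed = defaultdict(set)
    for client, name, rcode in log:
        if rcode == "NXDOMAIN" and sld_entropy(name) >= min_entropy:
            failed[client].add(name.lower().rstrip("."))
    return {c: sorted(names) for c, names in failed.items()
            if len(names) >= min_distinct}


if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, len(names), "distinct failed high-entropy lookups")
```

Both thresholds need tuning against a baseline of normal traffic, and character entropy alone misses DGAs that build names from dictionary words.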