Malware can use a domain generation algorithm (DGA) to periodically generate a set of candidate domains through which it tries to reach its command-and-control (C&C) server. The botnet operator runs the same DGA to calculate a domain name to register, so that the domain is resolvable when the bots query it and communication can be established.
Domain generation algorithms (DGAs) are seen in various families of malware, where they are used to periodically generate a large number of domain names that can serve as rendezvous points with the malware's command and control servers. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets, since infected computers will attempt to contact some of these domain names every day to receive updates or commands.
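Because the candidate list is a deterministic function of a seed and the date, a defender who has recovered the algorithm can precompute upcoming candidates and match them against DNS query logs. The following is an added example, not code from the original page or from any tool listed here: the hash-based scheme, `SEED`, the reserved `.example` TLD and the log format are all constructed for illustration and do not correspond to any malware family.

```python
import hashlib
from datetime import date, timedelta

# Constructed toy scheme for illustration only; not taken from any malware family.
SEED = b"constructed-demo-seed"  # stands in for a seed recovered by reverse engineering
TLD = ".example"                 # reserved TLD (RFC 2606), never resolvable


def candidates(day, count=5):
    """Return the candidate domains a date-seeded DGA would derive for `day`."""
    out = []
    for i in range(count):
        material = SEED + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).hexdigest()
        # Map the first 12 hex characters to the letters a-p to form the label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        out.append(label + TLD)
    return out


def blocklist(start, days, count=5):
    """Precompute candidates for a window of days, mapped back to their date."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidates(day, count):
            table[name] = day
    return table


def match_queries(log_lines, table):
    """Return (client, domain, dga_date) for DNS log lines that hit the table."""
    hits = []
    for line in log_lines:
        # Constructed log format: "<timestamp> <client-ip> <qname>"
        _, client, qname = line.split()
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits


if __name__ == "__main__":
    table = blocklist(date(2024, 1, 1), days=3)
    sample = [  # constructed DNS query log
        "2024-01-02T08:00:01Z 10.0.0.5 www.example.org.",
        "2024-01-02T08:00:02Z 10.0.0.7 " + candidates(date(2024, 1, 2))[3].upper() + ".",
    ]
    for hit in match_queries(sample, table):
        print(hit)
```

The same table can feed a resolver blocklist or a sinkhole; a client that queries several entries from one day's list is a strong infection indicator.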
| Tool | Description | Language |
|---|---|---|
| dnstwist | Domain name permutation engine | Python |
| DGADetective | Check if a domain has been created using a DGA | Node.js |
| VorpalSpyglass | A tool for automatic detection of DGA domains in PCAP-format traffic captures | Python |