cti/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json

{
    "type": "bundle",
    "id": "bundle--a732f810-3a05-4019-bc94-f4de717b1bb7",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
            "created": "2019-09-23T13:11:43.694Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": true,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/techniques/T1520",
                    "external_id": "T1520"
                },
                {
                    "source_name": "Data Driven Security DGA",
                    "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.",
                    "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/"
                },
                {
                    "source_name": "securelist rotexy 2018",
                    "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan \u2013 banker and ransomware. Retrieved September 23, 2019.",
                    "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "modified": "2025-10-24T17:48:50.736Z",
            "name": "Domain Generation Algorithms",
            "description": "Adversaries may use [Domain Generation Algorithms](https://attack.mitre.org/techniques/T1520) (DGAs) to procedurally generate domain names for command and control communication, and other uses such as malicious application distribution.(Citation: securelist rotexy 2018)\n\nDGAs increase the difficulty for defenders to block, track, or take over the command and control channel, as there potentially could be thousands of domains that malware can check for instructions.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "command-and-control"
                }
            ],
            "x_mitre_attack_spec_version": "3.2.0",
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_version": "1.0",
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ]
        }
    ]
}