Clankerusecase
MITRE ATT&CK detection coverage

T1568.002 Domain Generation Algorithms

T1568.002 — Domain Generation Algorithms is a MITRE ATT&CK technique in the Command and Control tactic. Clankerusecase tracks 12 detection use cases covering it and 10 threat-intel articles citing it.

Command and Control
12 Use cases
10 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (12)

Detect DGA domains using pretrained model in DSDL | ESCU | actions · hunting
Detect suspicious DNS TXT records using pretrained model in DSDL | ESCU | actions · hunting
[LLM] KongTuke TDS C2 callout to 144.31.221.82:6060 with /capcha URL path | Bespoke | c2 · alerting
[LLM] Argamal RAT C2 Beacon — 186.158.223.35 / freeddns / kozow / ignorelist / UDP-57441 / TCP-3747 | Bespoke | c2 · alerting
[LLM] Egress to typosquatted C2 flipboxstudio.info (Laravel-Lang Composer SC) | Bespoke | c2 · alerting
[LLM] axios RAT C2 callout to sfrclak.com / 142.11.206.73:8000 | Bespoke | c2 · alerting
[LLM] TeamPCP C2 / exfil egress to models.litellm.cloud, checkmarx.zone and AS205759 nodes | Bespoke | c2 · hunting
[LLM] bittensor-wallet 4.0.2 backdoor C2 domain contact (opentensor-* lookalikes) | Bespoke | c2 · alerting
[LLM] Outbound C2 callback to xygeni-action backdoor IP 91.214.78.178 from CI runner | Bespoke | c2 · hunting
[LLM] GlassWorm Solana blockchain dead-drop C2 lookup via public RPC endpoints from Node | Bespoke | c2 · hunting
[LLM] Egress to sidoraress json-bigint-extend gambling backdoor C2 infrastructure | Bespoke | c2 · alerting
[LLM] PlushDaemon EdgeStepper hijacking infrastructure (wcsset.com / 47.242.198.250 / 8.212.132.120) contact | Bespoke | c2 · hunting

Articles citing this technique (10)