A threat hunter identifies a binary that uses a Domain Generation Algorithm (DGA) to create new domain names such as 'eksdghf23.com' and 'mzncxv89.net' each day. The malware contacts these domains over HTTPS. Which phase of the Cyber Kill Chain is most directly associated with this technique?
DGA is a C2 technique to evade domain blacklisting.
Why this answer
DGA domains are used to maintain resilient command and control (C2) infrastructure, which falls under the C2 phase.