Advanced Malware communications to remote control servers known as C&C servers do not rely on static hard-coded lists of IP addresses or domain names but use Domain Generation Algorithms (DGA) that dynamically produce a number of candidate domains in order to test and find one live C&C which is listening to requests.
A Domain Generation Algorithm (DGA) makes it almost impossible to extract an accurate list of all possible C&C servers, provides cyber criminals with a small but agile physical C&C infrastructure and the possibility of just-in-time domain names registration that complicate matters to response and law enforcement teams.
Read more here – https://blog.damballa.com/archives/1998