You have a list of requirements when generating an curve. Some of the requirements are needed so the equations you use have solutions, while some are there to prevent known attacks that take advantage of the structure of the curve.
The numbers should be choosen using a nothing-up-my-sleeves strategy, to prove that you haven't chosen them to enable an attack that isn't public knowledge yet. So you typically choose the first number that match all requirements, either counting sequentially, or using a preagreed pseudorandom sequence, like the Brainpool curves.
See for example the requirements used by the Brainpool curves - each requirement has a rationale.
"The simplicity of these parameters gives the NSA / NIST very little wiggle room to create a deliberately bad curve. And even the specific values of 0, 7 and 977 can be justified by security and efficiency constraints, so the chance that Bitcoin’s elliptic curve parameters were chosen with any malicious intent is very low indeed" [1]
