TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Private whois services
Private whois services
Every domain registrar maintains a publicly viewable database that displays contact information for every registered domain. Private 'whois' services display alternative information, such as their own company data, rather than the owner of the domain. [1]
ID: T1305
Sub-techniques:
No sub-techniques
Tactic:
Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Algorithmically possible to detect COTS service usage or use of non-specific mailing addresses (PO Boxes, drop sites, etc.)
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Commercially available or easy to set up and/or register using a disposable email account.
References
- Mandiant. (n.d.). APT1: Exposing One of China’s Cyber Espionage Units. Retrieved March 5, 2017.
×