TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Dynamic DNS
Dynamic DNS
Dynamic DNS is a method of automatically updating a name in the DNS system. Providers offer this rapid reconfiguration of IPs to hostnames as a service. [1]
ID: T1311
Sub-techniques:
No sub-techniques
Tactic:
Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Similar Techniques by Tactic
Tactic | Technique |
---|---|
Establish & Maintain Infrastructure | Dynamic DNS |
Procedure Examples
Name | Description |
---|---|
TEMP.Veles |
TEMP.Veles has used dynamic DNS.[2] |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Defender will not know at first use what is valid or hostile traffic without more context. It is possible, however, for defenders to see if the PTR record for an address is hosted by a known DDNS provider. There is potential to assign some level of risk based on this.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Flexible and re-configurable command and control servers, along with deniable ownership and reduced cost of ownership.
References
- DELL SECUREWORKS COUNTER THREAT UNIT THREAT INTELLIGENCE. (2012, September 18). The Mirage Campaign. Retrieved March 6, 2017.
×