Use multiple DNS infrastructures
A technique used by the adversary that is similar to Dynamic DNS, with the exception that the use of multiple DNS infrastructures will likely leave WHOIS records. [1]
ID: T1327
Sub-techniques:
No sub-techniques
Tactic:
Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): Partial
Explanation: Domain registration is, by design, captured in public registration records (WHOIS). Various tools and services exist to track, query and monitor domain name registration information. However, tracking domains spread across multiple DNS infrastructures (different registrars and DNS hosting providers) will likely require multiple tools/services, or more advanced analytics to correlate the registrations.
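The "more advanced analytics" the explanation refers to usually amounts to pivoting on registration attributes: starting from one known domain, find others that share a registrant contact or a rare name-server set, even when they sit at different registrars. The following is an added example, not part of the MITRE page or any MITRE tooling. The WHOIS-style records, domain names, registrars and the `max_shared` threshold are all constructed for illustration.

```python
"""Pivot on WHOIS-style attributes to link domains spread across several
registrars and DNS providers.  Added example; the records below are
constructed and the field names (registrar, name_servers,
registrant_email) are assumptions modelled on common WHOIS output."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    domain: str
    registrar: str
    name_servers: frozenset   # authoritative NS set, as a frozenset of hostnames
    registrant_email: str
    created: str              # ISO date string, constructed


# Constructed sample: one actor using three registrars and three DNS
# providers, plus unrelated domains that happen to share a large provider.
NS_A = frozenset({"ns1.dnsprov-a.example", "ns2.dnsprov-a.example"})
NS_B = frozenset({"ns1.dnsprov-b.example"})
NS_C = frozenset({"ns1.dnsprov-c.example"})
SAMPLE = [
    Registration("login-update.example",   "RegistrarA", NS_A, "ops@mailbox.example",     "2017-11-02"),
    Registration("secure-portal.example",  "RegistrarB", NS_B, "ops@mailbox.example",     "2017-11-03"),
    Registration("account-verify.example", "RegistrarC", NS_B, "other@mailbox.example",   "2017-11-05"),
    Registration("cdn-static.example",     "RegistrarC", NS_C, "other@mailbox.example",   "2017-11-05"),
    Registration("bakery-shop.example",    "RegistrarA", NS_A, "baker@bakery.example",    "2016-01-10"),
    Registration("florist.example",        "RegistrarA", NS_A, "flowers@florist.example", "2014-03-03"),
    Registration("news-daily.example",     "RegistrarB", frozenset({"ns9.dnsprov-b.example"}),
                 "editor@news.example", "2015-06-20"),
]


def build_pivot_index(records, max_shared=2):
    """Map each pivot key (registrant email or exact name-server set) to the
    domains carrying it.  Keys shared by more than max_shared domains are
    dropped: a name-server set used by thousands of customers of one DNS
    provider, or a privacy-proxy contact address, is not an actor fingerprint.
    max_shared=2 is tuned to this tiny sample, not a production value."""
    index = defaultdict(set)
    for r in records:
        index[("email", r.registrant_email)].add(r.domain)
        index[("ns", r.name_servers)].add(r.domain)
    return {k: v for k, v in index.items() if len(v) <= max_shared}


def pivot_related(records, seeds, max_shared=2):
    """Breadth-first expansion from seed domains over shared pivot keys.
    Returns the set of domains reachable through rare shared attributes."""
    by_domain = {r.domain: r for r in records}
    index = build_pivot_index(records, max_shared)
    related = set(seeds)
    frontier = list(seeds)
    while frontier:
        r = by_domain[frontier.pop()]
        for key in (("email", r.registrant_email), ("ns", r.name_servers)):
            for other in index.get(key, ()):
                if other not in related:
                    related.add(other)
                    frontier.append(other)
    return related


def infrastructure_summary(records, domains):
    """Count distinct registrars and name-server sets in a cluster; several
    of each under one actor is the signal this technique describes."""
    cluster = [r for r in records if r.domain in domains]
    return {
        "domains": sorted(r.domain for r in cluster),
        "registrars": sorted({r.registrar for r in cluster}),
        "name_server_sets": len({r.name_servers for r in cluster}),
    }


if __name__ == "__main__":
    seed = {"login-update.example"}          # the one domain seen in an incident
    cluster = pivot_related(SAMPLE, seed)
    print(infrastructure_summary(SAMPLE, cluster))
```

Starting from the single seed, the email pivot reaches `secure-portal.example` at a second registrar, the rare name-server set then reaches `account-verify.example` at a third, and its registrant email reaches `cdn-static.example`: four domains across three registrars and three DNS providers. The shared `NS_A` set is discarded because three unrelated domains use it; raising `max_shared` to 3 pulls the bakery and florist into the cluster, which is the false-positive trade-off any such analytic has to tune.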
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Requires more planning, but feasible.
References
- Brian Krebs. (2015, May 18). St. Louis Federal Reserve Suffers DNS Breach. Retrieved March 6, 2017.