Use multiple DNS infrastructures

A technique used by the adversary similar to Dynamic DNS with the exception that the use of multiple DNS infrastructures likely have whois records. [1]

ID: T1327
Sub-techniques:  No sub-techniques
Tactic: Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): Partial

Explanation: This is by design captured in public registration logs. Various tools and services exist to track/query/monitor domain name registration information. However, tracking multiple DNS infrastructures will likely require multiple tools/services or more advanced analytics.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Requires more planning, but feasible.


  1. Brian Krebs. (2015, May 18). St. Louis Federal Reserve Suffers DNS Breach. Retrieved March 6, 2017.