Buy domain name

Domain Names are the human readable names used to represent one or more IP addresses. They can be purchased or, in some cases, acquired for free. ^[1]

ID: T1328

Tactic: Establish & Maintain Infrastructure

Version: 1.0

Examples

Name	Description
APT28	APT28 registered domains imitating NATO and OSCE security websites and Caucasus information resources.^[2]

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: This is by design captured in public registration logs. Various tools and services exist to track/query/monitor domain name registration information.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Proliferation of DNS TLDs and registrars. Adversary may choose domains that are similar to legitimate domains (aka "domain typosquatting" or homoglyphs).

References

Tom Lancaster and Michael Yip. (2014, December 05). APT28: Sofacy? So-funny.. Retrieved March 6, 2017.

FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.