TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Buy domain name
Buy domain name
Domain Names are the human readable names used to represent one or more IP addresses. They can be purchased or, in some cases, acquired for free. [1]
ID: T1328
Tactic:
Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Procedure Examples
| Name | Description |
|---|---|
| APT28 |
APT28 registered domains imitating NATO and OSCE security websites and Caucasus information resources.[2] |
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: This is by design captured in public registration logs. Various tools and services exist to track/query/monitor domain name registration information.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Proliferation of DNS TLDs and registrars. Adversary may choose domains that are similar to legitimate domains (aka "domain typosquatting" or homoglyphs).
References
- Tom Lancaster and Michael Yip. (2014, December 05). APT28: Sofacy? So-funny.. Retrieved March 6, 2017.
×