Dynamic DNS

Dynamic DNS is an automated method to rapidly update the domain name system mapping of hostnames to IPs. [1]

ID: T1333
Sub-techniques:  No sub-techniques
Tactic: Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic: Adversary Opsec
Technique: Dynamic DNS

Procedure Examples

Name: APT1
Description: APT1 used dynamic DNS to register hundreds of FQDNs.[2]


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: At first use, a defender cannot tell valid traffic from hostile traffic without more context.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: It is relatively easy to subscribe to dynamic DNS providers or find ways to get different IP addresses from a cloud provider.


  1. FireEye. (2014). SUPPLY CHAIN ANALYSIS: From Quartermaster to Sunshop. FireEye. Retrieved March 6, 2017.