Common Information
| Type | Value |
|---|---|
| Value |
Domains - T1583.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may acquire domains that can be used during targeting. Domain names are the human readable names used to represent one or more IP addresses. They can be purchased or, in some cases, acquired for free. Adversaries may use acquired domains for a variety of purposes, including for [Phishing](https://attack.mitre.org/techniques/T1566), [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), and Command and Control.(Citation: CISA MSS Sep 2020) Adversaries may choose domains that are similar to legitimate domains, including through use of homoglyphs or use of a different top-level domain (TLD).(Citation: FireEye APT28)(Citation: PaypalScam) Typosquatting may be used to aid in delivery of payloads via [Drive-by Compromise](https://attack.mitre.org/techniques/T1189). Adversaries may also use internationalized domain names (IDNs) and different character sets (e.g. Cyrillic, Greek, etc.) to execute "IDN homograph attacks," creating visually similar lookalike domains used to deliver malware to victim machines.(Citation: CISA IDN ST05-016)(Citation: tt_httrack_fake_domains)(Citation: tt_obliqueRAT)(Citation: httrack_unhcr)(Citation: lazgroup_idn_phishing) Different URIs/URLs may also be dynamically generated to uniquely serve malicious content to victims (including one-time, single use domain names).(Citation: iOS URL Scheme)(Citation: URI)(Citation: URI Use)(Citation: URI Unique) Adversaries may also acquire and repurpose expired domains, which may be potentially already allowlisted/trusted by defenders based on an existing reputation/history.(Citation: Categorisation_not_boundary)(Citation: Domain_Steal_CC)(Citation: Redirectors_Domain_Fronting)(Citation: bypass_webproxy_filtering) Domain registrars each maintain a publicly viewable database that displays contact information for every registered domain. Private WHOIS services display alternative information, such as their own company data, rather than the owner of the domain. Adversaries may use such private WHOIS services to obscure information about who owns a purchased domain. Adversaries may further interrupt efforts to track their infrastructure by using varied registration information and purchasing domains with different domain registrars.(Citation: Mandiant APT1) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2018-06-18 | 10 | Check Point Researchers Discover Cyber-Criminals Exploiting World Cup Fever with Wallchart Phishing Campaign - Check Point Software | ||
| Details | Website | 2018-06-15 | 1 | Using PowerShell providers | ||
| Details | Website | 2018-06-14 | 57 | Phishing anniversary: Here’s a free $50/month subscription | WeLiveSecurity | ||
| Details | Website | 2018-06-13 | 21 | LuckyMouse hits national data center to organize country-level waterholing campaign | ||
| Details | Website | 2018-06-11 | 18 | Bondat Worm Struck Again! Built Botnets for Mining Cryptocurrency and Attacking WordPress | 360 Total Security Blog | ||
| Details | Website | 2018-06-11 | 0 | IoT and Satellite Security in the Age of 5G | ||
| Details | Website | 2018-06-09 | 5 | CuteCats.exe and the Arab Spring: Governments vs Dissidents - Privacy PC | ||
| Details | Website | 2018-06-09 | 1 | Prowling Peer-to-Peer Botnets after Dark: Ins and Outs of the P2P Underworld - Privacy PC | ||
| Details | Website | 2018-06-09 | 2 | From Russia with Love.exe – The Russian Underground Hacking Culture - Privacy PC | ||
| Details | Website | 2018-06-09 | 0 | A Password Is Not Enough: Why Disk Encryption Is Broken and How We Might Fix It - Privacy PC | ||
| Details | Website | 2018-06-09 | 7 | Apple vs. Google Client Platforms: iPad and Chromebook comparison - Privacy PC | ||
| Details | Website | 2018-06-09 | 11 | Advanced Phishing Tactics Beyond User Awareness - Privacy PC | ||
| Details | Website | 2018-06-09 | 7 | How not to suck at pen testing - John Strand - Privacy PC | ||
| Details | Website | 2018-06-09 | 1 | The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends - Privacy PC | ||
| Details | Website | 2018-06-09 | 6 | Adaptive Penetration Testing by Kevin Mitnick & Dave Kennedy - Privacy PC | ||
| Details | Website | 2018-06-09 | 79 | Ransomware Chronicle 2016 - Privacy PC | ||
| Details | Website | 2018-06-07 | 71 | Patchwork APT Group Targets US Think Tanks | Volexity | ||
| Details | Website | 2018-06-06 | 16 | Banking Trojans Under Development - Check Point Research | ||
| Details | Website | 2018-06-06 | 11 | A MitM extension for Chrome | ||
| Details | Website | 2018-06-06 | 8 | There are More than 80 Ways to Analyze Them | ||
| Details | Website | 2018-06-06 | 196 | VPNFilter Update - VPNFilter exploits endpoints, targets new devices | ||
| Details | Website | 2018-06-06 | 45 | Sofacy Group’s Parallel Attacks | ||
| Details | Website | 2018-06-03 | 5 | Inside Firefox’s DOH engine | daniel.haxx.se | ||
| Details | Website | 2018-06-01 | 5 | No Place Like Chrome | ||
| Details | Website | 2018-05-31 | 15 | NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea |