Common Information
Type Value
Value Domains - T1584.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may hijack domains and/or subdomains that can be used during targeting. Domain registration hijacking is the act of changing the registration of a domain name without the permission of the original registrant. (Citation: ICANNDomainNameHijacking) Adversaries may gain access to an email account for the person listed as the owner of the domain. The adversary can then claim that they forgot their password in order to make changes to the domain registration. Other possibilities include social engineering a domain registration help desk to gain access to an account or taking advantage of renewal process gaps. (Citation: Krebs DNS Hijack 2019)

Subdomain hijacking can occur when organizations have DNS entries that point to non-existent or deprovisioned resources. In such cases, an adversary may take control of a subdomain to conduct operations with the benefit of the trust associated with that domain. (Citation: Microsoft Sub Takeover 2020)

Adversaries who compromise a domain may also engage in domain shadowing by creating malicious subdomains under their control while keeping any existing DNS records. As service will not be disrupted, the malicious subdomains may go unnoticed for long periods of time. (Citation: Palo Alto Unit 42 Domain Shadowing 2022)
Details Published Attributes CTI Title
Details Website 2035-08-05 23 Inside Jahoo (Otlard.A ?) - A spam Botnet
Details Website 2025-12-17 17 Stories from the SOC: Caught in the Trap: Detecting and…
Details Website 2025-11-07 1 Vault7 - Home
Details Website 2025-09-01 0 How ThreatConnect and Polarity Empower Teams to Combat Phishing Threats | ThreatConnect
Details Website 2025-01-22 14 Entra Connect Attacker Tradecraft: Part 2
Details Website 2025-01-22 95 Pivoting for Nosviak
Details Website 2025-01-22 12 Entra Connect Attacker Tradecraft: Part 2
Details Website 2025-01-22 2 UK Mail Check: DMARC Reporting Changes to Know
Details Website 2025-01-22 1 Automating Threat Data Retrieval: How ThreatConnect, Polarity, and the TQL Generator are Changing the Game | ThreatConnect
Details Website 2025-01-22 1 Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance
Details Website 2025-01-22 0 From Managerial Mindset to Cloud Mastery: My CISSP & CCSP Journey
Details Website 2025-01-22 87 ValleyRAT: A Rootkit Leveraging Stolen Certificates and Bypassing AVs
Details Website 2025-01-22 25 Entra Connect Attacker Tradecraft: Part 2
Details Website 2025-01-22 1 Demystifying Cyber Attacks with MITRE ATT&CK Framework
Details Website 2025-01-22 2 Cyber Warfare and National Security: Assessing Vulnerabilities through Real Events
Details Website 2025-01-22 127 Targeted supply chain attack against Chrome browser extensions
Details Website 2025-01-22 2 SSL Certificates: Essential for Online Security and Trust
Details Website 2025-01-22 8 Understanding Social Engineering and Phishing
Details Website 2025-01-22 0 Celebrating a Milestone: Passing the ISC2 Certified in Cybersecurity (CC) Exam
Details Website 2025-01-22 26 Authentication and Single Sign-On: Essential Technical Foundations
Details Website 2025-01-22 0 Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance - ReliaQuest
Details Website 2025-01-22 2 Preventing Phishing Attacks, Before They Catch You
Details Website 2025-01-22 0 Criminal IP and OnTheHub Partner to Deliver Advanced Cybersecurity Solutions for Education
Details Website 2025-01-22 14 Earn $100–500 after Pentesting OAuth