Common Information
Type | Value |
---|---|
Value | Domains - T1584.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may hijack domains and/or subdomains that can be used during targeting. Domain registration hijacking is the act of changing the registration of a domain name without the permission of the original registrant.(Citation: ICANNDomainNameHijacking) Adversaries may gain access to an email account for the person listed as the owner of the domain. The adversary can then claim that they forgot their password in order to make changes to the domain registration. Other possibilities include social engineering a domain registration help desk to gain access to an account or taking advantage of renewal process gaps.(Citation: Krebs DNS Hijack 2019) Subdomain hijacking can occur when organizations have DNS entries that point to non-existent or deprovisioned resources. In such cases, an adversary may take control of a subdomain to conduct operations with the benefit of the trust associated with that domain.(Citation: Microsoft Sub Takeover 2020) Adversaries who compromise a domain may also engage in domain shadowing by creating malicious subdomains under their control while keeping any existing DNS records. As service will not be disrupted, the malicious subdomains may go unnoticed for long periods of time.(Citation: Palo Alto Unit 42 Domain Shadowing 2022) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2012-03-16 | 24 | Post mortem report on the sinowal/nu.nl incident | ||
Details | Website | 2012-03-14 | 13 | BlackHat EU 2012 – Day 1 | Corelan Cybersecurity Research | ||
Details | Website | 2012-03-03 | 8 | Android Debug Bridge (adb) | Android Developers | ||
Details | Website | 2012-02-22 | 5 | Rovnix Reloaded: new step of evolution | WeLiveSecurity | ||
Details | Website | 2012-02-17 | 1 | An Exploit Kit Was Sent To You | ||
Details | Website | 2012-02-01 | 29 | TDL4 - Purple Haze (Pihar) Variant - sample and analysis | ||
Details | Website | 2012-01-12 | 61 | Blackhole Ramnit - samples and analysis | ||
Details | Website | 2012-01-04 | 5 | ZeuS – P2P+DGA variant – mapping out and understanding the threat | ||
Details | Website | 2012-01-03 | 7 | (UAC) User Assisted Compromise :: malicious.link — welcome | ||
Details | Website | 2011-12-30 | 82 | December 2011 Cyber Attacks Timeline (Part II) | ||
Details | Website | 2011-12-21 | 24 | Postcards from the post-XSS world | ||
Details | Website | 2011-12-19 | 43 | The truth behind "Yeah!! It happens on television!!"(A Facebook Spam) | ||
Details | Website | 2011-12-11 | 36 | Troubleshooting faulty network connectivity, part 2: Essential network commands | ||
Details | Website | 2011-11-29 | 0 | Danger worm hijacks Facebook accounts to inject banking Trojan | ||
Details | Website | 2011-11-28 | 3 | Troubleshooting faulty network connectivity, part 1: A step-by-step guide | ||
Details | Website | 2011-11-21 | 2 | Hexacorn | Blog Automation vs. In-depth Malware Analysis | ||
Details | Website | 2011-11-16 | 191 | The Canadian Connection: An investigation of Syrian government and Hezbullah web hosting in Canada - The Citizen Lab | ||
Details | Website | 2011-11-10 | 0 | Virus Bulletin :: Significant rise in Chinese phishing sites | ||
Details | Website | 2011-10-19 | 169 | Dirt Jumper DDoS Bot - New versions, New targets | ||
Details | Website | 2011-10-16 | 14 | October 2011 Cyber Attacks Timeline (Part I) | ||
Details | Website | 2011-09-02 | 17 | August 2011 Cyber Attacks Timeline | ||
Details | Website | 2011-08-30 | 3 | Hackers Get Hold Of Wildcard Google SSL Certificate - Could Hijack Gmail Accounts - Darknet - Hacking Tools, Hacker News & Cyber Security | ||
Details | Website | 2011-08-29 | 101 | Aug 28 Morto / Tsclient - RDP worm with DDoS features | ||
Details | Website | 2011-08-26 | 5 | The subtle / deadly problem with CSP | ||
Details | Website | 2011-07-19 | 12 | What has happened to DNS Security? |