T1568

Dynamic Resolution

Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. These calculations can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control. Adversaries may use dynamic resolution for the purpose ...

Platforms: Linux, macOS, Windows, ESXi

10 Detections, 2 Sources, 6 Threat Actors

BY SOURCE

9 elastic, 1 sigma

PROCEDURES (8)

Beacon (2 detections)

Auto-extracted: 2 detections for beacon

Dns (2 detections)

Auto-extracted: 2 detections for dns

Download (1 detection)

Auto-extracted: 1 detection for download

Dns (1 detection)

Auto-extracted: 1 detection for dns

Download (1 detection)

Auto-extracted: 1 detection for download

Persist (1 detection)

Auto-extracted: 1 detection for persist

C2 (1 detection)

Auto-extracted: 1 detection for c2

C2 (1 detection)

Auto-extracted: 1 detection for c2

DETECTIONS (10)