Dynamic Resolution (T1568)

View on ATT&CK

In Playbook

Technique & Subtechniques

Associated Tactics

  • Command And Control

Command and Control (TA0011)

The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018. Talos CCleanup 2017
Dunwoody, M.. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017. FireEye POSHSPY April 2017
ESET. (2017, December 21). Sednit update: How Fancy Bear Spent the Year. Retrieved February 18, 2019. ESET Sednit 2017 Activity
Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019. Data Driven Security DGA