| ID | Name |
|---|---|
| ATAGS-T1185.001 | Fast Flux DNS |
| ATAGS-T1185.002 | Domain Generation Algorithms |
| ATAGS-T1185.003 | DNS Calculation |
Threat Actors may perform calculations on addresses returned in DNS results to determine which port and IP address to use for command and control, rather than relying on a predetermined port number or the actual returned IP address. A IP and/or port number calculation can be used to bypass egress filtering on a C2 channel.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.