DC0101 Domain Registration

| Item | Value |
| --- | --- |
| ID | DC0101 |
| Version | 2.0 |
| Created | 20 October 2021 |
| Last Modified | 21 October 2025 |

Log Sources

| Name | Channel |
| --- | --- |
| dns:query | Excessive lookups for domains with suspicious WHOIS or short TTL values |
| Domain Name | None |
| esxi:vmkernel | DNS lookups resolving to domains with rapid changes in registration metadata |

Detection Strategy

| ID | Name | Technique Detected |
| --- | --- | --- |
| DET0895 | Detection of Acquire Infrastructure | T1583 |
| DET0885 | Detection of Compromise Infrastructure | T1584 |
| DET0863 | Detection of Domains | T1584.001 |
| DET0892 | Detection of Domains | T1583.001 |
| DET0411 | Detection Strategy for Hide Infrastructure | T1665 |