T1583.005 Botnet
Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.1 Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).2345
| Item | Value |
|---|---|
| ID | T1583.005 |
| Sub-techniques | T1583.001, T1583.002, T1583.003, T1583.004, T1583.005, T1583.006, T1583.007, T1583.008 |
| Tactics | TA0042 |
| Platforms | PRE |
| Version | 1.0 |
| Created | 01 October 2020 |
| Last Modified | 15 April 2021 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1056 | Pre-compromise | This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. |
References
-
Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020. ↩
-
Imperva. (n.d.). Booters, Stressers and DDoSers. Retrieved October 4, 2020. ↩
-
Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017. ↩
-
Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017. ↩
-
Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered?. Retrieved May 15, 2017. ↩