T1568.003 - DNS Calculation
Sub-technique
Tattiche:
Command and Control
Command and Control
Piattaforme:
Linux macOS Windows ESXi
Linux macOS Windows ESXi
Rilevamento:
Not specified
Not specified
Description:
Adversaries may perform calculations on addresses returned in DNS results to determine which port and IP address to use for command and control, rather than relying on a predetermined port number or the actual returned IP address. A IP and/or port number calculation can be used to bypass egress filtering on a C2 channel.(Citation: Meyers Numbered Panda)
One implementation of [DNS Calculation](https://attack.mitre.org/techniques/T1568/003) is to take the first three octets of an IP address in a DNS response and use those values to calculate the port for command and control traffic.(Citation: Meyers Numbered Panda)(Citation: Moran 2014)(Citation: Rapid7G20Espionage)
One implementation of [DNS Calculation](https://attack.mitre.org/techniques/T1568/003) is to take the first three octets of an IP address in a DNS response and use those values to calculate the port for command and control traffic.(Citation: Meyers Numbered Panda)(Citation: Moran 2014)(Citation: Rapid7G20Espionage)
Usato da Attori (1)
Metadata
| MITRE ID: | T1568.003 |
| STIX ID: | attack-pattern--83a766f8-1501-... |
| Piattaforme: | Linux, macOS, Windows, ESXi |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |