T1583.005SubTechniqueresource-developmentagent-callable

T1583.005Botnet

Sub-technique of T1583

Platforms: PRE

ATT&CK version: 14.1

What it is

Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.(Citation: Norton Botnet) Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale [Phishing](https://attack.mitre.org/techniques/T1566) or Distributed Denial of Service (DDoS).(Citation: Imperva DDoS for Hire)(Citation: Krebs-Anna)(Citation: Krebs-Bazaar)(Citation: Krebs-Booter)

ATT&CK tactics· 1

Resource Development

References

  1. https://attack.mitre.org/techniques/T1583/005
  2. https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html
  3. https://www.imperva.com/learn/ddos/booters-stressers-ddosers/
  4. https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
  5. https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/
  6. https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.