Skuggaheimar/Threat Intelligence/NXDOMAIN Abuse
NXDOMAIN ABUSE
NXDOMAIN
SECURITY TOOL / TECHNIQUE
VARIOUS
Threat IntelligenceMalwareMay 21, 202515 min read

NXDOMAIN Abuse: Threat Intelligence Profile

Excessive failed DNS resolution abuse

Scroll

NXDOMAIN Abuse (also known as NXDOMAIN, DNS tunneling) is a security tool / technique active since Ongoing. Excessive failed DNS resolution abuse. Key characteristics include: DGA indicators, DNS tunneling, data exfiltration via DNS, beaconing detection.

Overview & Background

Excessive failed DNS resolution abuse. First identified in Ongoing, this threat is attributed to Various.

Threat Assessment

NXDOMAIN Abuse remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this security tool / technique.

Technical Analysis

NXDOMAIN Abuse employs the following capabilities and techniques:

MITRE ATT&CK Mapping

TacticTechniqueUsage
Initial AccessT1566.001 Phishing AttachmentCommon delivery vector
ExecutionT1204.002 Malicious FileUser-triggered execution
PersistenceT1547.001 Registry Run KeysAutostart persistence
Defense EvasionT1027 Obfuscated FilesPayload obfuscation
C2T1071.001 Web ProtocolsHTTP/HTTPS C2

Detection & Defense

Defend Against NXDOMAIN Abuse

Mjolnir Security provides detection and response capabilities against NXDOMAIN Abuse and similar threats.

Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
  • Proactive Threat Hunting Hunt for NXDOMAIN Abuse indicators and TTPs within your environment.
  • Threat Intelligence Monitor NXDOMAIN Abuse campaigns and infrastructure changes.
  • 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: May 21, 2025
Related Reports
Tool

Cobalt Strike: Adversary's Arsenal

Read Report →
Tool

Metasploit Framework

Read Report →