Rogue DNS: Threat Intelligence Profile

Rogue DNS (also known as Rogue DNS, DNS Hijacking) is a security tool / technique active since Ongoing. DNS hijacking and manipulation. Key characteristics include: DNS poisoning, router DNS hijacking, pharming attacks, credential interception.

Overview & Background

DNS hijacking and manipulation. First identified in Ongoing, this threat is attributed to Various.

• Category: Security Tool / Technique
• Active since: Ongoing
• Attribution: Various
• Also known as: Rogue DNS, DNS Hijacking

Technical Analysis

Rogue DNS employs the following capabilities and techniques:

• Dns Poisoning: Core functionality
• Router Dns Hijacking: Core functionality
• Pharming Attacks: Core functionality
• Credential Interception: Core functionality

MITRE ATT&CK Mapping

Detection & Defense

• Endpoint detection: Deploy behavioral detection rules for Rogue DNS indicators
• Network monitoring: Monitor for C2 traffic patterns and anomalous connections
• Threat intelligence: Track Rogue DNS IOCs and campaign updates
• Security awareness: Train users to recognize phishing and social engineering
• Patch management: Keep systems updated to prevent exploitation