| ID |
C0011 |
| Objective(s) |
Communication |
| Related ATT&CK Techniques |
None |
| Version |
2.2 |
| Created |
14 August 2020 |
| Last Modified |
29 April 2024 |
The DNS Communication micro-behavior focuses on DNS communication.
| Name |
ID |
Description |
| DDNS Domain Connect |
C0011.003 |
Connects to dynamic DNS domain. |
| Resolve |
C0011.001 |
Resolves a domain. |
| Resolve Free Hosting Domain |
C0011.005 |
Resolves a free hosting domain (e.g., freeiz.com). |
| Resolve TLD |
C0011.004 |
Resolves top level domain. |
| Server Connect |
C0011.002 |
Connects to DNS server. |
| Name |
Date |
Method |
Description |
| Hupigon |
2013 |
C0011.001 |
Hupigon resolves DNS. [1] |
| Shamoon |
2012 |
C0011.001 |
Shamoon resolves DNS. [1] |
| Tool: capa |
Mapping |
APIs |
| reference DNS over HTTPS endpoints |
DNS Communication::Server Connect (C0011.002) |
-- |
| resolve DNS |
DNS Communication::Resolve (C0011.001) |
ws2_32.gethostbyname, DnsQuery_A, DnsQuery_W, DnsQuery_UTF8, DnsQueryEx, getaddrinfo, GetAddrInfo, GetAddrInfoEx, gethostbyname, getaddrinfo, getnameinfo, gethostent, System.Net.Dns::GetHostAddresses |
Communication::DNS Communication::Resolve
SHA256: 000b535ab2a4fec86e2d8254f8ed65c6ebd37309ed68692c929f8f93a99233f6
Location: 0x472CD3
push ebx ; hostname to perform DNS lookup for
call WSOCK32.DLL::gethostbyname ; Windows function which will retrieve an object representing the specified host
[1] capa v4.0, analyzed at MITRE on 10/12/2022