Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.(Citation: Norton Botnet) Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).(Citation: Imperva DDoS for Hire)(Citation: Krebs-Anna)(Citation: Krebs-Bazaar)(Citation: Krebs-Booter)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| action.hacking.variety.DoS | Denial of service | related-to | T1583.005 | Acquire Infrastructure: Botnet |
| action.hacking.variety.Unknown | Unknown | related-to | T1583.005 | Acquire Infrastructure: Botnet |
| value_chain.development.variety.Bot | A small program that can be distributed, installed, and controlled en mass. | related-to | T1583.005 | Acquire Infrastructure: Botnet |
| value_chain.distribution.variety.Botnet | For content distributed from a collection of bots. | related-to | T1583.005 | Acquire Infrastructure: Botnet |