T1583.005 Botnet Mappings

Adversaries may buy, lease, or rent a network of compromised systems that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.(Citation: Norton Botnet) Adversaries may purchase a subscription to use an existing botnet from a booter/stresser service. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).(Citation: Imperva DDoS for Hire)(Citation: Krebs-Anna)(Citation: Krebs-Bazaar)(Citation: Krebs-Booter)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.DoS Denial of service related-to T1583.005 Acquire Infrastructure: Botnet
action.hacking.variety.Unknown Unknown related-to T1583.005 Acquire Infrastructure: Botnet
value_chain.development.variety.Bot A small program that can be distributed, installed, and controlled en mass. related-to T1583.005 Acquire Infrastructure: Botnet
value_chain.distribution.variety.Botnet For content distributed from a collection of bots. related-to T1583.005 Acquire Infrastructure: Botnet