T1584.005 Botnet Mappings

Adversaries may compromise numerous third-party systems to form a botnet that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks.(Citation: Norton Botnet) Instead of purchasing/renting a botnet from a booter/stresser service(Citation: Imperva DDoS for Hire), adversaries may build their own botnet by compromising numerous third-party systems. Adversaries may also conduct a takeover of an existing botnet, such as redirecting bots to adversary-controlled C2 servers.(Citation: Dell Dridex Oct 2015) With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.DoS Denial of service related-to T1584.005 Compromise Infrastructure: Botnet
action.hacking.variety.Unknown Unknown related-to T1584.005 Compromise Infrastructure: Botnet
value_chain.distribution.variety.Other The variety of distribution was known, but is not listed related-to T1584.005 Compromise Infrastructure: Botnet
value_chain.non-distribution services.variety.Other The variety of non-distribution service required is known, but is not listed related-to T1584.005 Compromise Infrastructure: Botnet