Engage Goals: EGO0001 Expose, EGO0003 Elicit
Engage Approach: EAP0001 Collect, EAP0002 Detect
Engage Actions: EAC0015 Information Manipulation, EAC0016 Network Manipulation
Name of Element: Spoofed DNS Records
Description of Element:
This element involves creating fake DNS records that point to deceptive systems or services.
Technical Context:
Placement: Within the organization’s DNS server or zone files.
This element can be used to identify attackers attempting to resolve internal domain names or to redirect attackers to a controlled environment.
Other:
Att&ck/Engage Mapping: T1583.001 Acquire Infrastructure: Domains / E1505 Decoy Network
This element requires careful configuration to avoid interfering with legitimate DNS resolution.