Search Open Technical Databases: WHOIS
Other sub-techniques of Search Open Technical Databases (5)
Adversaries may search public WHOIS data for information about victims that can be used during targeting. WHOIS data is stored by regional Internet registries (RIR) responsible for allocating and assigning Internet resources such as domain names. Anyone can query WHOIS servers for information about a registered domain, such as assigned IP blocks, contact information, and DNS nameservers.(Citation: WHOIS) Adversaries may search WHOIS data to gather actionable information. Threat actors can use online resources or command-line utilities to pillage through WHOIS data for information about potential victims. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Active Scanning or Phishing for Information), establishing operational resources (ex: Acquire Infrastructure or Compromise Infrastructure), and/or initial access (ex: External Remote Services or Trusted Relationship).
Контрмеры |
|
| Контрмера | Описание |
|---|---|
| Pre-compromise |
This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques. |
Обнаружение
Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.
Связанные риски
| Риск | Связи | |
|---|---|---|
|
Раскрытие информации о работниках организации из-за
публикации информации в открытых источниках в интернете
Конфиденциальность
Раскрытие информации
НСД
|
||
|
Раскрытие информации об ИТ инфраструктуре из-за
публикации информации в открытых источниках в интернете
Конфиденциальность
Раскрытие информации
|