T1568 - DPRK Threat Intelligence

#T1568 Dynamic Resolution

Technique

Tactics: Command And Control
Description:
Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. These calculations can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.

Adversaries may use dynamic resolution for the purpose of [Fallback Channels](https://attack.mitre.org/techniques/T1008). When contact is lost with the primary command and control server malware may employ dynamic resolution as a means to reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
First Seen: DPRK-NEXUS ADVERSARY TARGETS SOUTH-KOREAN INDIVIDUALS IN A NEW CHAPTER OF KITTY PHISHING OPERATION • 2022-04-11

MITRE ATT&CK

3

Tagged Reports
3

Unique Authors
1,226

Active Days

Tagged Reports

2025-08-18

Trellix

The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign

#Kimsuky #LNK #Phishing #XenoRAT #T1134 #T1102.002 #T1059.005 #T1106 #T1027 #T1568 #T1082 #T1566.001 #T1087.001 #T1567.002 #T1102.003 #T1053.005 #T1071.004 #T1204.002 #T1105 #T1071.001 #T1112 #T1083 #T1059.001 #T1569 #T1033 #T1036.005 #T1566.002 #T1569.002

2022-08-24

Iron Net

Defending in a hostile environment: Key findings from the BlackHat NOC

#Kimsuky #SHARPEXT #T1046 #T1566 #T1090 #T1571 #T1095 #T1568 #T1071 #T1132

2022-04-11

Cluster25

DPRK-NEXUS ADVERSARY TARGETS SOUTH-KOREAN INDIVIDUALS IN A NEW CHAPTER OF KITTY PHISHING OPERATION

#KittyPhishing #T1573 #T1562.001 #T1203 #T1036 #T1106 #T1059.005 #T1027.002 #T1071 #T1568 #T1057 #T1082 #T1406 #T1518.001 #T1221 #T1566.001 #T1006 #T1547.001 #T1560 #T1105 #T1083 #T1497 #T1566.002

« Back