Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Command and Control/ T1568

T1568Dynamic Resolution

T1568 — Dynamic Resolution is a MITRE ATT&CK technique in the Command and Control tactic. Clankerusecase tracks 19 detection use cases covering it and 19 threat-intel articles citing it.

Command and Control
View on the matrix → Filter Detection Library MITRE official spec ↗
19Use cases
19Articles
3Sub-techniques
1Tactic

Sub-techniques (3)

T1568.003 · DNS CalculationT1568.002 · Domain Generation AlgorithmsT1568.001 · Fast Flux DNS

Use cases covering this technique (19)

[LLM] Sniper Dz seized phishing infrastructure callback (post-takedown beacons) Bespoke c2 · alerting DSΣPDDCS [LLM] Connection to RoguePlanet PoC C2 Domain projectnightcrawler.dev Bespoke c2 · alerting DSΣPDDCS [LLM] Outbound DNS / HTTP to Miasma C2 (git-service.com / m-kosche.com) Bespoke c2 · alerting DSΣPDDCS [LLM] Miasma C2 / IOC domain resolution: check.git-service.com, t.m-kosche.com, git-service.com Bespoke c2 · alerting DSΣPDDCS [LLM] Connection to AI-brand phishing / installer C2 infrastructure (MSTI June 2026 IOCs) Bespoke c2 · alerting DSΣPDDCS [LLM] C2 beacon to audit.checkmarx[.]cx /v1/telemetry (TeamPCP Shai-Hulud Third Coming) Bespoke c2 · alerting DSΣPDDCS [LLM] TamperedChef C2 / distribution callback to appsuites.ai and sibling domains Bespoke c2 · alerting DSΣPDDCS [LLM] Mini Shai-Hulud / TeamPCP C2 beacon to api.masscan.cloud / git-tanstack.com / *.getsession.org Bespoke c2 · alerting DSPDDCS [LLM] BadIIS C2 IP / domain beacon (lee.6686ty.vip, iis.01nmwe.xyz) Bespoke c2 · hunting DSΣPDDCS [LLM] node-ipc C2 callback to sh.azurestaticprovider.net (May 2026 npm supply-chain) Bespoke c2 · alerting DSΣPDDCS [LLM] Mini Shai-Hulud npm Worm C2 callback to Session Protocol CDN and masscan.cloud Bespoke c2 · alerting DSΣPDDCS [LLM] axios Supply Chain RAT C2 Callback to sfrclak.com (Port 8000) Bespoke c2 · alerting DSΣPDDCS [LLM] C2 beaconing to Vercel-hosted Cloudflare-impersonating domains (cloudflareguard / cloudflareinsights) Bespoke c2 · alerting DSΣPDD [LLM] Egress to Qix npm phishing/exfil infrastructure (npmjs.help, publicvm.com, BunnyCDN buckets) Bespoke c2 · hunting DSΣPDDCS [LLM] Scavenger npm malware C2 beacon to firebase.su / dieorsuffer.com / smartscreen-api.com Bespoke c2 · alerting DSΣPDD [LLM] Beamglea mad-* dead-drop fetch from raw.githubusercontent.com/Abassdos2992 Bespoke c2 · alerting DSΣPDDCS [LLM] Scavenger C2 callback: ifyouseethisyouareultragay[.]com / pokerainteasy[.]su Bespoke c2 · alerting DSΣPDD [LLM] Scavenger Stealer C2 beacon to corroborated infrastructure (datahog.su / datalytica.su / smartscreen-api.com) Bespoke c2 · alerting DSΣPDDCS [LLM] Egress to Solidity Language Cursor extension C2 infrastructure (angelic.su / lmfao.su / staketree.net / ab498.pythonanywhere.com / 144.172.1 Bespoke c2 · hunting DSΣPDDCS

Articles citing this technique (19)

high INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator art-33
crit Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows art-71
crit Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Ag art-79
crit Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues art-82
crit AI brands as bait: How threat actors are using the AI hype in social engineering art-102
crit The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) art-143
crit Tracking TamperedChef Clusters via Certificate and Code Reuse art-237
crit [GHSA / CRITICAL] GHSA-27f5-xjrr-q9ff: Malware in @opensearch-project/opensearch art-263
crit From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat art-265
crit Active Supply Chain Attack: Malicious node-ipc Versions Published to npm art-269
crit TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages art-312
crit axios Compromised on npm - Malicious Versions Drop Remote Access Trojan art-401
crit Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys art-433
high 20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) art-537
crit Another npm Supply Chain Attack: The 'is' Package Compromise art-554
crit Phishing Campaign Leveraging the NPM Ecosystem art-754
high Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise art-824
crit Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware art-837
high Cursor IDE Malware Extension Compromise in $500k Crypto Heist art-842