Compromise Infrastructure: Botnet (T1584.005)
Tactic: Resource Development · Platforms: PRE
The interactive view maps 1 detection strategy, 1 mitigation, 5 threat groups, 1 campaign to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Compromise Infrastructure (T1584).
Overview
Adversaries may compromise numerous third-party systems to form a botnet that can be used during targeting. A botnet is a network of compromised systems that can be instructed to perform coordinated tasks. Instead of purchasing/renting a botnet from a booter/stresser service, adversaries may build their own botnet by compromising numerous third-party systems. Adversaries may also conduct a takeover of an existing botnet, such as redirecting bots to adversary-controlled C2 servers. With a botnet at their disposal, adversaries may perform follow-on activity such as large-scale Phishing or Distributed Denial of Service (DDoS).