
AWS Route 53 domain registered

ID: aws_route53_domain_registered
Data type: AWS CloudTrail
Severity: Informational - Low
MITRE ATT&CK: TA0042:T1583.001

Description

AlphaSOC detected a registration of a new domain using AWS Route 53. This activity involves the enrollment of a domain name through Amazon's Domain Name System (DNS) web service. While domain registration is often legitimate, it can also be misused by threat actors for malicious purposes.

Impact

Threat actors can use newly registered domains to host malicious content, conduct phishing campaigns, and set up C2 servers. This can lead to data breaches and network infrastructure compromise if the domain is used as part of an attack against the organization.

Severity

| Severity | Condition |
| --- | --- |
| Informational | Domain registered using Route 53 |
| Low | Multiple domains registered using Route 53 |

Investigation and Remediation

Investigate the legitimacy of the newly registered domain. If unauthorized, identify the user responsible for the action. If malicious, delete the domain. Review DNS logs and network traffic for connections to the domain. If compromised, reset credentials and scan affected systems for malware.
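To support the severity table and the "identify the user responsible" step above, the following added example (not AlphaSOC's own detection logic) triages CloudTrail records for successful `RegisterDomain` calls and groups them by calling principal. It assumes the domain is recorded under `requestParameters.domainName` and that "multiple" means more than one distinct domain registered by the same principal within the batch reviewed; the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample CloudTrail records (illustrative, not real log data).
# Assumption: the registered domain appears under requestParameters.domainName.
USER = "arn:aws:iam::111122223333:user/"
R53D = "route53domains.amazonaws.com"
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": R53D, "eventName": "RegisterDomain",
     "userIdentity": {"arn": USER + "alice"}, "requestParameters": {"domainName": "example-one.com"}},
    {"eventTime": "2024-05-01T10:04:00Z", "eventSource": R53D, "eventName": "RegisterDomain",
     "userIdentity": {"arn": USER + "alice"}, "requestParameters": {"domainName": "Example-Two.net"}},
    {"eventTime": "2024-05-01T11:30:00Z", "eventSource": R53D, "eventName": "RegisterDomain",
     "userIdentity": {"arn": USER + "bob"}, "requestParameters": {"domainName": "example-three.org"}},
    {"eventTime": "2024-05-01T11:31:00Z", "eventSource": R53D, "eventName": "RegisterDomain",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": USER + "bob"}, "requestParameters": {"domainName": "example-four.org"}},
    {"eventTime": "2024-05-01T12:00:00Z", "eventSource": "route53.amazonaws.com",
     "eventName": "ChangeResourceRecordSets", "userIdentity": {"arn": USER + "carol"}},
]

def registrations(records):
    """Yield (principal ARN, domain, event time) for successful RegisterDomain calls."""
    for r in records:
        if r.get("eventSource") != R53D or r.get("eventName") != "RegisterDomain":
            continue
        if r.get("errorCode"):  # a failed call registered nothing
            continue
        arn = (r.get("userIdentity") or {}).get("arn", "unknown")
        domain = (r.get("requestParameters") or {}).get("domainName", "unknown")
        yield arn, domain.lower(), r.get("eventTime")

def triage(records):
    """Map each principal to its registered domains and a severity per the table above."""
    by_principal = defaultdict(set)
    for arn, domain, _ in registrations(records):
        by_principal[arn].add(domain)
    # Assumption: "multiple" = more than one distinct domain per principal in this batch.
    return {arn: {"severity": "Low" if len(domains) > 1 else "Informational",
                  "domains": sorted(domains)}
            for arn, domains in by_principal.items()}

if __name__ == "__main__":
    for arn, finding in triage(SAMPLE_RECORDS).items():
        print(finding["severity"], arn, ", ".join(finding["domains"]))
```

The principal ARN and domain list from each finding give the starting points for confirming whether the registration was authorized and for searching DNS logs for lookups of those domains.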