AWS Route 53 domain registered
Description
AlphaSOC detected a registration of a new domain using AWS Route 53. This activity involves the enrollment of a domain name through Amazon's Domain Name System (DNS) web service. While domain registration is often legitimate, it can also be misused by threat actors for malicious purposes.
Impact
The registration of new domains can be used by threat actors to host malicious content, conduct phishing campaigns, and set up C2 servers. This can lead to data breaches and network infrastructure compromise if the domain is used as part of an attack against the organization.
Severity
| Severity | Condition |
|---|---|
| Informational | Domain registered using Route 53 |
| Low | Multiple domains registered using Route 53 |
Investigation and Remediation
Investigate the legitimacy of the newly registered domain. If unauthorized, identify the user responsible for the action. If malicious, delete the domain. Review DNS logs and network traffic for connections to the domain. If compromised, reset credentials and scan affected systems for malware.
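
To support the investigation steps above, the following added example (not AlphaSOC's detection logic) groups CloudTrail `RegisterDomain` events by the calling principal and grades them with the severity table. It assumes CloudTrail JSON records, and it assumes "multiple" means more than one distinct domain per principal in the batch reviewed; the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample CloudTrail records (illustrative, not real events).
SAMPLE_EVENTS = [
    {"eventSource": "route53domains.amazonaws.com", "eventName": "RegisterDomain",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"domainName": "example-one.test"}},
    {"eventSource": "route53domains.amazonaws.com", "eventName": "RegisterDomain",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"domainName": "example-two.test"}},
    {"eventSource": "route53domains.amazonaws.com", "eventName": "RegisterDomain",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"domainName": "Example-Three.test"}},
    # Failed call: nothing was registered, so it must not count.
    {"eventSource": "route53domains.amazonaws.com", "eventName": "RegisterDomain",
     "errorCode": "InvalidInput",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "requestParameters": {"domainName": "example-four.test"}},
    # Different API action: not a registration.
    {"eventSource": "route53domains.amazonaws.com", "eventName": "CheckDomainAvailability",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"domainName": "example-five.test"}},
]


def grade_registrations(events):
    """Return {principal_arn: {"domains": [...], "severity": str}}."""
    by_principal = defaultdict(set)
    for ev in events:
        if ev.get("eventSource") != "route53domains.amazonaws.com":
            continue
        if ev.get("eventName") != "RegisterDomain" or ev.get("errorCode"):
            continue
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        domain = (ev.get("requestParameters") or {}).get("domainName")
        if domain:
            # Normalise case and trailing dot so one domain is counted once.
            by_principal[arn].add(domain.lower().rstrip("."))
    return {
        arn: {"domains": sorted(domains),
              "severity": "Low" if len(domains) > 1 else "Informational"}
        for arn, domains in by_principal.items()
    }


if __name__ == "__main__":
    for arn, finding in grade_registrations(SAMPLE_EVENTS).items():
        print(finding["severity"], arn, ", ".join(finding["domains"]))
```

The per-principal output gives the user to question and the domain names to search for in DNS logs and network traffic.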