
Registered domain impersonating a known brand

ID: imposter_registered_domain
Data type: DNS
Severity: Low
MITRE ATT&CK: TA0001:T1566

Description

AlphaSOC detected a newly registered domain that appears to impersonate a known brand. This is a common tactic used by threat actors to conduct phishing campaigns or other malicious activities. By registering domains that closely resemble a brand's legitimate fully qualified domain names (FQDNs), adversaries aim to deceive users into believing they are interacting with a trusted entity.

Impact

Domain impersonation can have significant consequences for both the targeted organization and its customers. Users who access the impersonating domain are tricked by the threat actor into using its services, which can then be used for financial fraud. It also affects the brand's reputation and consumer trust.

Severity

Severity | Condition
Low | Registered domain impersonating a known brand

Investigation and Remediation

Investigate the detected domain by analyzing its registration details, associated IP addresses, and any related infrastructure. Compare it to the legitimate domains of the impersonated brand. If confirmed as malicious, implement firewall rules to prevent communication with the related infrastructure.

Known False Positives

  • Domains registered by the brand for future use or defensive purposes
  • Domains with similar names belonging to unrelated but legitimate businesses
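
The comparison step under Investigation and Remediation, together with the first false-positive case above, can be scripted for triage. The following is an added example, not AlphaSOC's detection logic: the brand and defensive domain lists, the look-alike map, the 0.8 threshold and all function names are assumptions constructed for illustration.

```python
import difflib

# Constructed sample data (assumptions): the brand's legitimate domains and
# the look-alike domains it registered itself for defensive purposes.
BRAND_DOMAINS = {"example.com", "example.net"}
DEFENSIVE_DOMAINS = {"examp1e.com"}

# Small, non-exhaustive map of common look-alike substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
TYPO_THRESHOLD = 0.8  # assumed similarity cut-off, tune per brand


def registered_label(domain):
    """Label left of the TLD ('example' for 'example.com').
    Assumes a single-label suffix; use a public suffix list for co.uk etc."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def skeleton(label):
    """Fold look-alike characters and drop hyphens before comparing."""
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label.replace("-", "")


def classify(domain):
    """Describe how a flagged domain relates to the brand's own domains."""
    domain = domain.lower().rstrip(".")
    if domain in BRAND_DOMAINS:
        return "legitimate"
    if domain in DEFENSIVE_DOMAINS:
        return "known_defensive"  # first false-positive case in the list
    label = registered_label(domain)
    skel = skeleton(label)
    verdict = "no_resemblance"
    for brand in sorted({registered_label(d) for d in BRAND_DOMAINS}):
        target = skeleton(brand)
        if label == brand:
            return "tld_swap"  # same name under a different TLD
        if skel == target:
            return "homoglyph"  # identical once look-alikes are folded
        if target in skel:
            verdict = "brand_keyword"  # brand embedded in a longer name
        elif verdict == "no_resemblance" and difflib.SequenceMatcher(
                None, skel, target).ratio() >= TYPO_THRESHOLD:
            verdict = "typo"
    return verdict
```

A resemblance verdict only describes how the name relates to the brand; the second false-positive case (an unrelated legitimate business) still has to be settled from the registration details and hosting infrastructure.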