Abuse Matrices

Key

  • Has capability: The entity has the capability to detect / mitigate / prevent the threat
  • Lacks capability: The entity lacks the capability to detect / mitigate / prevent the threat

  • DGA: domain generation algorithm
  • eSLD: effective second-level domain
  • pDNS: passive DNS traffic analysis

Detection

  • Has capability: The entity has the capability to detect
  • Lacks capability: The entity lacks the capability to detect

Entities (columns):

  • Registrars
  • Registries
  • Authoritative Operators
  • Domain name resellers
  • Recursive Operators
  • Network Operators
  • Application Service Provider
  • Hosting Provider
  • Threat Intelligence Provider
  • Device, OS, & Application Software Developers
  • Domain Registrants
  • End User
  • Law Enforcement and Public Safety Authorities
  • CSIRTs / ISACs
  • Incident responder

Threats (rows):

  • DGAs (N/A)
  • Domain name compromise
  • Lame delegations
  • DNS cache poisoning
  • DNS rebinding
  • DNS server compromise
  • Stub resolver hijacking
  • Local recursive resolver hijacking
  • On-path DNS attack
  • DoS against the DNS
  • DNS as a vector for DoS
  • Dynamic DNS resolution (as obfuscation technique) (N/A)
  • Dynamic DNS resolution: Fast flux (as obfuscation technique) (N/A)
  • Infiltration and exfiltration via the DNS (N/A)
  • Malicious registration of (effective) second level domains (N/A)
  • Creation of malicious subdomains under dynamic DNS providers (N/A)
  • Compromise of a non-DNS server to conduct abuse
  • Spoofing or otherwise using unregistered domain names
  • Spoofing of a registered domain
  • DNS tunneling - tunneling another protocol over DNS
  • DNS beacons - C2 communication

Mitigation

  • Has capability: The entity has the capability to mitigate
  • Lacks capability: The entity lacks the capability to mitigate

Entities (columns):

  • Registrars
  • Registries
  • Authoritative Operators
  • Domain name resellers
  • Recursive Operators
  • Network Operators
  • Application Service Provider
  • Hosting Provider
  • Threat Intelligence Provider
  • Device, OS, & Application Software Developers
  • Domain Registrants
  • End User
  • Law Enforcement and Public Safety Authorities
  • CSIRTs / ISACs
  • Incident responder

Threats (rows):

  • DGAs (N/A)
  • Domain name compromise
  • Lame delegations
  • DNS cache poisoning
  • DNS rebinding
  • DNS server compromise
  • Stub resolver hijacking
  • Local recursive resolver hijacking
  • On-path DNS attack
  • DoS against the DNS
  • DNS as a vector for DoS
  • Dynamic DNS resolution (as obfuscation technique) (N/A)
  • Dynamic DNS resolution: Fast flux (as obfuscation technique) (N/A)
  • Infiltration and exfiltration via the DNS (N/A)
  • Malicious registration of (effective) second level domains (N/A)
  • Creation of malicious subdomains under dynamic DNS providers (N/A)
  • Compromise of a non-DNS server to conduct abuse
  • Spoofing or otherwise using unregistered domain names
  • Spoofing of a registered domain
  • DNS tunneling - tunneling another protocol over DNS (N/A)
  • DNS beacons - C2 communication (N/A)

Prevention

  • Has capability: The entity has the capability to prevent the threat
  • Lacks capability: The entity lacks the capability to prevent the threat

Entities (columns):

  • Registrars
  • Registries
  • Authoritative Operators
  • Domain name resellers
  • Recursive Operators
  • Network Operators
  • Application Service Provider
  • Hosting Provider
  • Threat Intelligence Provider
  • Device, OS, & Application Software Developers
  • Domain Registrants
  • End User
  • Law Enforcement and Public Safety Authorities
  • CSIRTs / ISACs
  • Incident responder

Threats (rows):

  • DGAs (N/A)
  • Domain name compromise
  • Lame delegations
  • DNS cache poisoning
  • DNS rebinding
  • DNS server compromise
  • Stub resolver hijacking
  • Local recursive resolver hijacking
  • On-path DNS attack
  • DoS against the DNS
  • DNS as a vector for DoS
  • Dynamic DNS resolution (as obfuscation technique)
  • Dynamic DNS resolution: Fast flux (as obfuscation technique)
  • Infiltration and exfiltration via the DNS
  • Malicious registration of (effective) second level domains (N/A)
  • Creation of malicious subdomains under dynamic DNS providers (N/A)
  • Compromise of a non-DNS server to conduct abuse
  • Spoofing or otherwise using unregistered domain names
  • Spoofing of a registered domain (for abuse) (N/A)
  • DNS tunneling - tunneling another protocol over DNS
  • DNS beacons - C2 communication