diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 519b8cb1..e26ae57b 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -2148,7 +2148,7 @@ credential-access:
         domain:
           description: Targeted Active Directory domain FQDN
           type: String
-          default: example.com
+          default: "%userdnsdomain%"
         account:
           description: Account to impersonate
           type: String
diff --git a/atomics/T1558.001/T1558.001.md b/atomics/T1558.001/T1558.001.md
index e1f8fd7c..80ee7b38 100644
--- a/atomics/T1558.001/T1558.001.md
+++ b/atomics/T1558.001/T1558.001.md
@@ -31,7 +31,7 @@ The generated ticket is injected in a new empty Windows session and discarded af
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
 | domain_sid | SID of the targeted domain, if you keep default it will automatically get the current domain SID | String | S-1-5-21-DEFAULT|
-| domain | Targeted Active Directory domain FQDN | String | example.com|
+| domain | Targeted Active Directory domain FQDN | String | %userdnsdomain%|
 | account | Account to impersonate | String | goldenticketfakeuser|
 | krbtgt_aes256_key | Krbtgt AES256 key | String | b7268361386090314acce8d9367e55f55865e7ef8e670fbe4262d6c94098a9e9|
 | mimikatz_path | Mimikatz windows executable | Path | $env:TEMP\mimikatz\x64\mimikatz.exe|