Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks

    justmattgBy justmattgMay 1, 2023No Comments3 Mins Read

    [ad_1]

    May 01, 2023Ravie Lakshmanan

    Decoy Dog Malware

    An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks.

    Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion.

    “Decoy Dog is a cohesive toolkit with a number of highly unusual characteristics that make it uniquely identifiable, particularly when examining its domains on a DNS level,” Infoblox said in an advisory published late last month.

    The cybersecurity firm, which identified the malware in early April 2023 following anomalous DNS beaconing activity, said its atypical characteristics allowed it to map additional domains that are part of the attack infrastructure.

    Cybersecurity

    That said, the usage of Decoy Dog in the wild is “very rare,” with the DNS signature matching less than 0.0000027% of the 370 million active domains on the internet, according to the California-based company.

    One of the chief components of the toolkit is Pupy RAT, an open source trojan that’s delivered by means of a method called DNS tunneling, in which DNS queries and responses are used as a C2 for stealthily dropping payloads.

    Decoy Dog Malware

    It’s worth noting that the use of the cross-platform Pupy RAT has been linked to nation-state actors from China such as Earth Berberoka (aka GamblingPuppet) in the past, although there’s no evidence to suggest the actor’s involvement in this campaign.

    Further investigation into Decoy Dog suggests that the operation had been set up at least a year prior to its discovery, with three distinct infrastructure configurations detected to date.

    UPCOMING WEBINAR

    Learn to Stop Ransomware with Real-Time Protection

    Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

    Save My Seat!

    Another crucial aspect is the unusual DNS beaconing behavior associated with Decoy Dog domains, such that they adhere to a pattern of periodic, but infrequent, DNS requests so as to fly under the radar.

    “Decoy Dog domains can be grouped together based on their shared registrars, name servers, IPs, and dynamic DNS providers,” Infoblox said.

    “Given the other commonalities between Decoy Dog domains, this is indicative of either one threat actor gradually evolving their tactics, or multiple threat actors deploying the same toolkit on different infrastructure.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleGoogle Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022
    Next Article FBI Focuses on Cybersecurity With $90M Budget Request
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑