Infoblox experts have discovered a new set of Decoy Dog malware

During another check for DNS traffic that deviates from normal Internet activity, Infoblox experts discovered a new set of malware targeting enterprises, called "Decoy Dog".

Decoy Dog helps attackers bypass standard detection methods through strategic "domain aging" and the cloning of DNS queries, so that its domains build a good reputation with security vendors.

Researchers at Infoblox discovered the toolkit earlier this month as part of their daily analysis of more than 70 billion DNS records, in which they look for signs of suspicious activity.

Experts report that Decoy Dog's DNS fingerprint is extremely rare and unique among the 370 million active domains on the Internet, which makes it much easier to identify and track. As a result, an investigation into Decoy Dog's malicious infrastructure quickly led to the discovery of several C2 servers associated with the same operation.

Further investigation revealed that the DNS tunnels of the discovered domains had characteristics pointing to Pupy RAT, a remote access trojan deployed by the Decoy Dog toolkit.

Pupy RAT is an open-source, modular post-exploitation toolkit popular with government-sponsored hackers for its stealth, its support for encrypted C2 communications, and its support for teaming and coordination among several operators of the tool.

The Pupy RAT project supports payloads on all major desktop and mobile operating systems, including Windows, macOS, Linux, and Android. Like other RATs, it allows attackers to remotely execute commands, elevate privileges, steal credentials, and spread across a compromised network.

“This multi-part signature gave us confidence that the associated domains weren't just using Pupy. They were all part of Decoy Dog, a large single set of tools that deployed Pupy in enterprises in a very specific way,” the Infoblox report says.

In addition, analysts found that the DNS beacons on all of the honeypot domains behaved differently from normal traffic: they were configured to follow a specific pattern of periodic but infrequent DNS queries.
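The periodic-but-infrequent beaconing described above is the kind of signal a defender can look for in their own DNS logs. The following Python script is an added illustration, not code from the Infoblox report: it parses a constructed DNS query log (the timestamps, the client address and the placeholder name `beacon.placeholder-c2.test` are all made up), groups queries per client and queried name, and flags pairs whose query spacing is both long and unusually regular. The thresholds are assumed values chosen for the sample, not figures from the report.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime
# Constructed sample DNS query log (not from the Infoblox report):
# "<ISO timestamp> <client IP> <queried name>", one query per line.
SAMPLE_LOG = """\
2023-04-03T00:00:00 10.0.0.5 www.example.com
2023-04-03T01:00:02 10.0.0.5 beacon.placeholder-c2.test
2023-04-03T03:12:40 10.0.0.5 www.example.com
2023-04-03T07:00:01 10.0.0.5 beacon.placeholder-c2.test
2023-04-03T09:47:13 10.0.0.5 cdn.example.net
2023-04-03T13:00:03 10.0.0.5 beacon.placeholder-c2.test
2023-04-03T15:30:00 10.0.0.5 www.example.com
2023-04-03T19:00:02 10.0.0.5 beacon.placeholder-c2.test
2023-04-03T23:59:58 10.0.0.5 www.example.com
2023-04-04T01:00:01 10.0.0.5 beacon.placeholder-c2.test
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")

def parse_log(text):
    """Return {(client, name): [datetime, ...]} from the constructed log format."""
    by_key = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the scan
        ts, client, name = m.groups()
        by_key[(client, name)].append(datetime.fromisoformat(ts))
    return by_key

def beacon_candidates(by_key, min_queries=4, min_interval_s=1800, max_cv=0.05):
    """Flag (client, name) pairs whose query spacing is long and highly regular."""
    hits = []
    for (client, name), times in by_key.items():
        if len(times) < min_queries:
            continue  # too few observations to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0  # low CV = timer-driven
        if mean_gap >= min_interval_s and cv <= max_cv:
            hits.append((client, name, round(mean_gap), round(cv, 4)))
    return hits

if __name__ == "__main__":
    for hit in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(hit)
```

On the sample, only the placeholder C2 name is flagged: its queries arrive roughly every six hours with a spread of a few seconds, while the ordinary browsing names are either too irregular or too sparse to qualify.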

An investigation of the details showed that Operation Decoy Dog started at the beginning of last April and remained unnoticed for more than a year, even though the toolkit's domains show up as extreme outliers in DNS analytics.

Infoblox listed the Decoy Dog domains in its report and added them to its "Suspicious Domains" list to help defenders, security analysts, and targeted organizations protect themselves against this sophisticated threat.

The company has also shared indicators of compromise in its public GitHub repository, which defenders can use to add the indicators to their blacklists manually.

The detection of Decoy Dog demonstrates how large-scale data analysis can be used to spot anomalous activity on the Internet, which should allow such threats to be found faster in the future.

Author: DeepWeb