Infoblox experts have discovered a new set of Decoy Dog malware

    During a routine check for DNS traffic that deviates from normal Internet activity, Infoblox experts discovered a new malware toolkit targeting enterprises, called "Decoy Dog".

    Decoy Dog helps attackers evade standard detection methods by strategically "aging" its domains and cloning DNS query patterns, so that the domains build a benign reputation with security vendors.

    Researchers at Infoblox discovered the tool earlier this month as part of their daily analysis of more than 70 billion DNS records looking for signs of suspicious activity.

    Experts report that Decoy Dog's DNS fingerprint is extremely rare and unique among the 370 million active domains on the Internet, which makes it much easier to identify and track. As a result, an investigation into Decoy Dog's malicious infrastructure quickly led to the discovery of several C2 servers associated with the same operation.

    Further investigation revealed that the DNS tunnels of the discovered domains had characteristics that pointed to Pupy RAT, a remote access trojan deployed by the Decoy Dog toolkit.

    Pupy RAT is an open-source, modular post-exploitation toolkit popular with government-sponsored hackers for its stealth, its support for encrypted C2 communications, and its support for collaboration and coordination among multiple operators of the tool.

    The Pupy RAT project supports payloads on all major desktop and mobile operating systems, including Windows, macOS, Linux, and Android. Like other RATs, it allows attackers to remotely execute commands, elevate privileges, steal credentials, and spread across a compromised network.

    “This multi-part signature gave us confidence that the associated domains weren't just using Pupy. They were all part of Decoy Dog, a large single set of tools that deployed Pupy in enterprises in a very specific way,” the Infoblox report says.

    In addition, analysts observed distinctive DNS beaconing behavior across all of the honeypot domains: they were configured to follow a specific pattern of generating DNS queries periodically but infrequently.
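As an added illustration (not part of Infoblox's report or its tooling), here is a small Python check for the "periodic but infrequent" DNS beacon pattern described above. It runs over a few constructed resolver log lines with placeholder domain names and flags client/domain pairs whose query gaps are both long and unusually regular:

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>".
# The names and addresses are placeholders invented for this example.
SAMPLE_LOG = """\
2023-04-01T08:00:00 10.0.0.5 www.example.com
2023-04-01T08:00:01 10.0.0.5 cdn.example.com
2023-04-01T08:00:12 10.0.0.7 a1b2.c2-placeholder.test
2023-04-01T08:00:03 10.0.0.5 www.example.com
2023-04-01T08:07:44 10.0.0.5 www.example.com
2023-04-01T08:30:12 10.0.0.7 a1b2.c2-placeholder.test
2023-04-01T08:45:10 10.0.0.5 www.example.com
2023-04-01T09:00:02 10.0.0.7 a1b2.c2-placeholder.test
2023-04-01T09:30:17 10.0.0.7 a1b2.c2-placeholder.test
2023-04-01T10:00:12 10.0.0.7 a1b2.c2-placeholder.test
"""


def parse_log(text):
    """Group query timestamps by (client, domain) from the whitespace-separated log."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, client, name = line.split()
        series[(client, name)].append(datetime.fromisoformat(ts))
    return series


def beacon_stats(timestamps, min_queries=4):
    """Return (coefficient of variation, mean gap in seconds) of inter-query gaps.

    A low coefficient of variation means the cadence is regular, which is what
    an automated beacon (with modest jitter) looks like; None if too few queries.
    """
    if len(timestamps) < min_queries:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if any(g <= 0 for g in gaps):
        return None  # duplicate timestamps: skip rather than divide by zero
    mean_gap = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean_gap, mean_gap


def find_beacons(text, max_cv=0.1, min_gap_s=600):
    """Flag (client, domain, mean_gap, cv) where queries are regular AND infrequent."""
    hits = []
    for (client, name), ts in parse_log(text).items():
        stats = beacon_stats(ts)
        if stats is None:
            continue
        cv, mean_gap = stats
        if cv <= max_cv and mean_gap >= min_gap_s:
            hits.append((client, name, round(mean_gap), round(cv, 3)))
    return hits
```

Thresholds such as `max_cv` and `min_gap_s` are assumptions for the example; in practice they would be tuned against baseline traffic, and hits would be cross-checked against domain age and reputation data, since the point of Decoy Dog's "domain aging" is to make reputation alone unreliable.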

    A closer investigation showed that the Decoy Dog operation began in early April of last year and went unnoticed for more than a year, even though the toolkit's domains stand out as extreme outliers in DNS analytics.

    Infoblox listed Decoy Dog domains in their report and added them to their "Suspicious Domains" list to help defenders, security analysts, and targeted organizations protect against this sophisticated threat.

    The company has also shared indicators of compromise in its public GitHub repository, which can be added manually to blacklists.

    The detection of Decoy Dog demonstrates how large-scale data analysis can reveal anomalous activity on the Internet, which should allow such threats to be found faster in the future.

    Author DeepWeb