Infoblox reveals attackers' shift in malware tactics

Infoblox has published a second threat report with critical updates on "Decoy Dog," the remote access trojan (RAT) toolkit it discovered and disclosed in April 2023.


The malware uses DNS to establish command and control (C2) and is suspected of being a covert tool used in ongoing nation-state cyber attacks.


The threat actors swiftly responded following Infoblox's disclosure of the toolkit, adapting their systems to ensure continued operations, indicating that maintaining access to victim devices remains a high priority. 


The analysis shows that the use of the malware has spread, with at least three actors now operating it. Although based on the open-source RAT Pupy, Decoy Dog is a fundamentally new, previously unknown malware with many features to persist on a compromised device. 


Many aspects of Decoy Dog remain a mystery, but Infoblox says all signs point to nation-state hackers. Infoblox released a new data set containing DNS traffic captured from Infoblox's servers to support further industry investigation of the C2 systems.


Infoblox highlights a significant risk that Decoy Dog and its use will continue to grow and impact organisations globally. The only known means to detect and defend against Decoy Dog/Pupy today is with DNS Detection and Response systems like Infoblox's BloxOne Threat Defense.


Scott Harrell, Infoblox President and CEO, says: "It's intuitive that DNS should be the first line of defense for organisations to detect and mitigate threats like Decoy Dog. Infoblox is the industry's best-of-breed DNS Detection and Response solution, providing companies with a turn-key defense that other XDR solutions would miss."  


"As demonstrated with Decoy Dog, studying and deeply understanding the attacker's tactics and techniques allows us to block threats before they are even known as malware."


Through large-scale DNS analy ..
