Security News > 2023 > May > New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks

An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks.

"Decoy Dog is a cohesive toolkit with a number of highly unusual characteristics that make it uniquely identifiable, particularly when examining its domains on a DNS level," Infoblox said in an advisory published late last month.

One of the chief components of the toolkit is Pupy RAT, an open source trojan that's delivered by means of a method called DNS tunneling, in which DNS queries and responses are used as a C2 for stealthily dropping payloads.

Further investigation into Decoy Dog suggests that the operation had been set up at least a year prior to its discovery, with three distinct infrastructure configurations detected to date.

Another crucial aspect is the unusual DNS beaconing behavior associated with Decoy Dog domains, such that they adhere to a pattern of periodic, but infrequent, DNS requests so as to fly under the radar.

"Given the other commonalities between Decoy Dog domains, this is indicative of either one threat actor gradually evolving their tactics, or multiple threat actors deploying the same toolkit on different infrastructure."

News URL

https://thehackernews.com/2023/05/new-decoy-dog-malware-toolkit-uncovered.html