
Infoblox discovers rare Decoy Dog C2 exploit
2023-05-02 17:59

Infoblox Threat Intelligence Group, which says it analyzes billions of DNS records and millions of domain-related records each day, has reported a new malware toolkit called Decoy Dog that uses a remote access trojan called Pupy.

Infoblox found the Decoy Dog toolkit, which uses Pupy, in fewer than 3% of all networks, and found that the threat actor who controls Decoy Dog is connected to just 18 domains.

When Infoblox analyzed the queries in external global DNS data, the firm's researchers found that the Decoy Dog C2 originated almost exclusively from hosts in Russia.

"It's a complex, multi-module trojan that provides no instruction to the user on how to establish the DNS nameserver in order to carry out C2 communications. As a result, it is not easily accessible to the common cybercriminal," she said.

Decoy Dog is an extraordinarily rare deployment of Pupy with a DNS signature revealing how it was configured and how it operates.

Although Decoy Dog is minuscule in deployment, there are inherent risks in concealed RATs, or malware that has mysterious provenance and remains invisible.


News URL

https://www.techrepublic.com/article/infoblox-discovers-decoydog-exploit/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Infoblox 3 0 5 2 0 7