"New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks"

An analysis of more than 70 billion DNS records resulted in the discovery of Decoy Dog, a new sophisticated malware toolkit aimed at enterprise networks. Decoy Dog is evasive and uses techniques such as strategic domain aging and DNS query dribbling, in which a series of queries is sent to command-and-control (C2) domains in order to avoid detection. According to Infoblox, Decoy Dog is a cohesive toolset with several odd traits that make it distinctly identifiable, particularly when looking at its domains at the DNS level. The cybersecurity company said the malware was discovered due to unusual DNS beaconing activity, and that its uncommon properties allowed the company to map additional domains that are part of the attack infrastructure. Researchers have found that the use of Decoy Dog in the wild is "very rare," with the DNS signature matching less than 0.0000027 percent of the 370 million active domains on the Internet. One of the toolkit's main components is Pupy RAT, an open-source Trojan delivered using DNS tunneling, in which DNS queries and responses are used as a C2 channel for dropping payloads. This article continues to discuss researchers' findings and observations regarding the new sophisticated malware toolkit dubbed Decoy Dog.

THN reports "New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks"
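As an added illustration (not code from Infoblox or the article), the sketch below shows one way a defender could surface the kind of sparse, evenly spaced DNS beaconing described above from resolver logs. The log format, host addresses, domain names and thresholds are all constructed assumptions, and reading "dribbling" as low-rate, regularly timed queries is an assumption as well; this is not the Decoy Dog signature.

```python
import statistics
from collections import defaultdict

def build_sample():
    """Constructed log lines: '<epoch_seconds> <client_ip> <qname>'."""
    base, lines = 1700000000, []
    # Constructed host 10.0.0.5: about one query per hour, small jitter
    for i, jitter in enumerate([0, 12, -9, 5, -14, 8, 3, -6]):
        lines.append(f"{base + i * 3600 + jitter} 10.0.0.5 x{i}.decoy-sample.example")
    # Constructed host 10.0.0.7: ordinary bursty browsing
    for t in [5, 6, 7, 900, 905, 20000, 20001, 20050]:
        lines.append(f"{base + t} 10.0.0.7 www.shop-sample.example")
    return lines

def registered_domain(qname):
    # Simplification: keep the last two labels (real pipelines use the Public Suffix List)
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_slow_beacons(lines, min_queries=6, min_mean_gap=600.0, max_cv=0.1):
    """Flag (client, domain) pairs whose queries are sparse but evenly spaced."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            seen[(parts[1], registered_domain(parts[2]))].append(float(parts[0]))
        except ValueError:
            continue  # non-numeric timestamp
    hits = []
    for (client, domain), ts in seen.items():
        if len(ts) < max(min_queries, 3):
            continue  # too few queries to judge timing
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap < min_mean_gap:
            continue  # too chatty to be a slow drip
        cv = statistics.pstdev(gaps) / mean_gap  # low value = regular timing
        if cv <= max_cv:
            hits.append((client, domain, round(mean_gap), round(cv, 4)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_slow_beacons(build_sample()):
        print(hit)
```

Grouping by registered domain matters because tunneling clients typically vary the subdomain on every query, so per-hostname counts would hide the pattern.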

Submitted by Anonymous on