Decoy Dog Malware Tool Kit Spotted Via Malicious DNS Queries


A new malware tool kit, “Decoy Dog,” has been actively targeting enterprise networks for a year. The researchers identified Decoy Dog after analyzing billions of DNS queries.

Decoy Dog Malware Actively Targeting Enterprises

Sharing the details in a recent blog post, the cybersecurity firm Infoblox has unveiled a new malware tool kit, “Decoy Dog,” running active campaigns in the wild.

As elaborated, the researchers became curious about the matter upon detecting billions of malicious DNS queries. They scanned at least 70 billion DNS queries and found a similar DNS pattern coming from 0.0000027% of all active domains globally.

What alarmed them about the DNS queries was their peculiarity: they returned unresolvable IP addresses, something characteristic of the US Dept. of Defense or of malicious phishing campaigns.

Further analysis showed that these queries were generated from enterprise networks. The C2 communications then linked back to Russian hosts.

Eventually, the researchers found PupyRAT related to this activity. The Decoy Dog malware tool kit supposedly deployed PupyRAT on target enterprise networks.
