Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains
- Infoblox releases report findings on “Decoy Dog” and collaborates across the industry to help raise awareness and problem solve
- Command-and-control (C2) domain over DNS went undiscovered for a year as part of a single toolkit
- Threat spotlights dangers of malware traffic on networks and importance of a DNS security strategy
- Infoblox BloxOne® Threat Defense protects customers from these suspicious C2 domains
Infoblox Inc., the company that delivers a simplified, cloud-enabled networking and security platform for improved performance and protection, published a threat report blog on a remote access trojan (RAT) toolkit with DNS command and control (C2). The toolkit created an anomalous DNS signature observed in enterprise networks in the U.S., Europe, South America, and Asia across technology, healthcare, energy, financial and other sectors. Some of these communications go to a controller in Russia.
Infoblox’s Threat Intelligence Group was the first to discover this toolkit, coined “Decoy Dog,” and is collaborating with other security vendors, as well as customers, to disrupt this activity, identify the attack vector, and secure global networks. The critical insight is that DNS anomalies measured over time not only surfaced the RAT, but ultimately tied together seemingly independent C2 communications. A technical analysis of Infoblox’s findings is here.
“Decoy Dog is a stark reminder of the importance of having a strong, protective DNS strategy,” said Renée Burton, Senior Director of Threat Intelligence for Infoblox. “Infoblox is focused on detecting threats in DNS, disrupting attacks before they start, and allowing customers to focus on their own business.”
As a specialized DNS-based security vendor, Infoblox tracks adversary infrastructure and can see suspicious activity early in the threat lifecycle, where there is “intent to compromise” and before the actual attack starts. As a normal course of business, any indicators that are deemed suspicious are included in Infoblox’s Suspicious domain feeds, direct to customers, to help them preemptively protect themselves against new and emerging threats.
Threat Discovery, Anatomy & Mitigation:
- Infoblox discovered activity from the remote access trojan (RAT) Pupy active in multiple enterprise networks in early April 2023. This C2 communication had gone undiscovered since April 2022.
- The RAT was detected from anomalous DNS activity on limited networks and in network devices such as firewalls, not user devices such as laptops or mobile devices.
- The RAT creates a footprint in DNS that is extremely hard to detect in isolation but, when analyzed in a global cloud-based protective DNS system like Infoblox’s BloxOne® Threat Defense, demonstrates strong outlier behavior. Further, it allowed Infoblox to tie the disparate domains together.
- C2 communications are made over DNS and are based on an open-source RAT called Pupy. While this is an open-source project, it has been consistently associated with nation-state actors.
- Organizations with protective DNS can mitigate their risk. BloxOne Threat Defense customers are protected from these suspicious domains.
- In this case, Russian C2 domains were already included in the Suspicious domains feeds in BloxOne Threat Defense (Advanced) back in the fall of 2022. In addition to the Suspicious Domains feed, these domains have now been added to Infoblox’s anti-malware feed.