home.social

#decoydog — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #decoydog, aggregated by home.social.

  1. ASEC: Pupy is a RAT malware strain that offers cross-platform support. A malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT. Decoy Dog was used in attacks against corporate networks in Russia and Eastern Europe. ASEC briefly describes Pupy RAT attacks against Asian countries and South Korea, and lists IOC. 🔗 asec.ahnlab.com/en/64258/

    #threatintel #PupyRAT #DecoyDog #RAT #IOC

  2. ASEC: Pupy is a RAT malware strain that offers cross-platform support. A malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT. Decoy Dog was used in attacks against corporate networks in Russia and Eastern Europe. ASEC briefly describes Pupy RAT attacks against Asian countries and South Korea, and lists IOC. 🔗 asec.ahnlab.com/en/64258/

    #threatintel #PupyRAT #DecoyDog #RAT #IOC

  3. ASEC: Pupy is a RAT malware strain that offers cross-platform support. A malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT. Decoy Dog was used in attacks against corporate networks in Russia and Eastern Europe. ASEC briefly describes Pupy RAT attacks against Asian countries and South Korea, and lists IOC. 🔗 asec.ahnlab.com/en/64258/

    #threatintel #PupyRAT #DecoyDog #RAT #IOC

  4. ASEC: Pupy is a RAT malware strain that offers cross-platform support. A malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT. Decoy Dog was used in attacks against corporate networks in Russia and Eastern Europe. ASEC briefly describes Pupy RAT attacks against Asian countries and South Korea, and lists IOC. 🔗 asec.ahnlab.com/en/64258/

    #threatintel #PupyRAT #DecoyDog #RAT #IOC

  5. ASEC: Pupy is a RAT malware strain that offers cross-platform support. A malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT. Decoy Dog was used in attacks against corporate networks in Russia and Eastern Europe. ASEC briefly describes Pupy RAT attacks against Asian countries and South Korea, and lists IOC. 🔗 asec.ahnlab.com/en/64258/

    #threatintel #PupyRAT #DecoyDog #RAT #IOC

  6. Almost exactly one year ago, we announced the discovery of a new DNS C2 malware -- Decoy Dog. This remote access trojan had been lurking for already a year undetected by the industry and was essentially disguised as the open source tool, Pupy. Our second research released in July 2023 showed how different Decoy Dog was from Pupy and that it was being used by multiple distinct actors, almost certainly nation state actors... but we had no idea where it was actually operating. We now know that the Russian security company, and others, have found Decoy Dog in the wild since then. They attribute attacks on Russian governments and critical infrastructure to Ukraine. We are confident there are multiple actors using the toolkit (see our second paper linked below). But we now have a better insight on the types of devices that are being exploited. Also PT shows active use of the DGA in Decoy Dog that we had disclosed in our second paper. This is a serious RAT and hopefully the community will continue to report findings and share protection mechanisms. #dns #decoydog #malware #rat #cybercrime #cybersecurity #russia #ukraine #threatintel #hreatintelligence #infosec #pupy #infoblox #rat ptsecurity.com/ww-en/analytics blogs.infoblox.com/cyber-threa

  7. So.. twice this year a DNS threat actor changed behavior when we were investigating and they soared from suspicious to malicious. lol. clever. first #decoydog then #prolificpuma ... anyhow.. kinda funny.. we fully expected them to regroup... it's their job after all to do the crime thing.. but they just can't let go of music references.. new email address 6lackrules@proton[.]me. no more anon usTLD registrations it looks like.

    Here's some domains. a slight change in hosting. i don't see the shorteners set up yet but for these'll be for sms bad activities again i'm sure.

    zk0[.]us,zg5[.]us,yl4[.]us,yg2[.]us,y4f[.]us,xa4[.]us,x8i[.]us,wu7[.]us,wn3[.]us,w1m[.]us,v9e[.]us,v3y[.]us,uv5[.]us,uj2[.]us,ud4[.]us,u7n[.]us,u2f[.]us,tr0[.]us,tl1[.]us,t7x[.]us,s9k[.]us,qb9[.]us,q8r[.]us,q6d[.]us,q3u[.]us,q2u[.]us,pj8[.]us,p6s[.]us,p6h[.]us,o8r[.]us,o8l[.]us,o1i[.]us,lh8[.]us,ks0[.]us,kf8[.]us,k7x[.]us,k3o[.]us,jx4[.]us,jf4[.]us,hz0[.]us,h7s[.]us,h6l[.]us,g9s[.]us,g9j[.]us,fy3[.]us,f5y[.]us,f3z[.]us,er7[.]us,ecyz[.]us,e9c[.]us,d8c[.]us,c9i[.]us,c9a[.]us,bk7[.]us,a8m[.]us,a8j[.]us,a6r[.]us,9yl[.]us,9xl[.]us,9ou[.]us,9ma[.]us,9jy[.]us,9iq[.]us,8qe[.]us,8mv[.]us,8im[.]us,8fv[.]us,7ov[.]us,7nv[.]us,7cb[.]us,6np[.]us,6bu[.]us,5jc[.]us,5ja[.]us,3kc[.]us,2jk[.]us,2cl[.]us,0ho[.]us,piyt[.]us,zlyx[.]us,wyop[.]us,wk0[.]us,k0z[.]us,8ec[.]us,7ol[.]us,kaqu[.]us,jdhr[.]us,ivdo[.]us,w6r[.]us,t6s[.]us,sg4[.]us,j8q[.]us,f1d[.]us,aehv[.]us,utpy[.]us,jqcu[.]us,kxjm[.]us

    #dns #malware #smishing #phishing #cybersecurity #infosec #infoblox

  8. A few months ago I posted about a DNS malware C2 we had discovered— Decoy Dog — that was based on Pupy, had been undetected for over a year, and had some inexplicable behavior. We hoped the community would easily find the infected devices based on the info we provided. No suck luck. Since then we have used DNS to learn and an astonishing amount about the operations. Once we realized Decoy Dog was more advanced than Pupy, and we saw how the actors responded to our original relesases, we went back to the binaries. Today we released an indepth technical analysis of Decoy Dog, a Pupy research data set, and a new Yara rule. This is the exec summary. Link to the full technical paper and other tidbits in the comments. #dns #theatintel #malware #decoydog #rat #c2 #infoblox #datascience #threatresearch blogs.infoblox.com/cyber-threa