decoy-dog-malware

Analysis 

Cybersecurity organisation Infoblox has identified a brand-new, sophisticated malware toolkit named Decoy Dog after inspecting over 70 billion DNS data. To avoid being discovered, Decoy Dog uses evasive strategies including DNS query dribbling and smart domain ageing. The toolkit is well-organized and has distinctive features that make it simple to recognise, especially when looking at its domains at the DNS level. Less than 0.0000027% of active domains on the internet have a DNS signature match, making Decoy Dog's use in the wild very unusual. The main element of the virus is Pupy RAT, which is distributed through DNS tunnelling.

Prevention 

  • Always update software
  • Create secure, one-of-a-kind passwords
  • Watch out for dubious emails and connections.
  • Use a firewall
  • Employ a DNS security 
  • Consistently back up your data 

Detection 

  • Regularly check your network traffic for any odd or suspicious activities, such as a high volume of DNS requests or traffic to unidentified sites.
  • Use an intrusion detection system (IDS) to identify suspicious network activity and get alerts about it.
  • Use a DNS monitoring tool to keep an eye on your DNS traffic for any odd patterns or requests that could point to an attack.
  • Keep an eye out for unusual behaviour by keeping an eye on the system logs for any activity that could point to a malware infestation.

Indicators of Compromise (IOCs)

  • Unusual network activity, including a lot of traffic going to dubious sites or traffic using unusual protocols.
  • Modifications to system behaviour, such as an elevated level in resource utilisation, unauthorised access attempts, or configuration changes.
  • Suspicious files: These include the occurrence of unfamiliar or unauthorised files as well as modifications to file properties or hashes.
  • Suspicious user behaviour, such as logins from unusual locations or accounts with unauthorised rights.
  • Security notifications: These include IDS or antivirus alerts that reveal attempts to take advantage of known security flaws or malware signatures.
  • Unauthorised or suspect login attempts, such as those made from odd places or at odd hours.

References 

The hacker news

 

 

# Managed Security Services

Recent Threat Bulletin

A report on Jenkins CVE-2024-23897 vulnerability
Ivanti Zero-Day Vulnerabilities: Connect Secure and IPS
Unmasking Androxgh0st: A deep dive to safeguard your network

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.

logo-img

Positka specializes in high-end technology solutions to help businesses improve their IT infrastructure with advanced Security Protocols, excellence in Analytics, Streamlined IT Operations, & around-the-clock Managed services.

Quick Links

Services

Copyright Positka © . All Rights Reserved.