SANTA CLARA, Calif., April 20, 2023 /PRNewswire/ — Infoblox Inc. the company that delivers a simplified, cloud- enabled networking and security platform for improved performance and protection, today published a threat report blog on a remote access trojan (RAT) toolkit with DNS command and control (C2). The toolkit created an anomalous DNS signature observed in enterprise networks in the U.S., Europe, South America, and Asia across technology, healthcare, energy, financial and other sectors. Some of these communications go to a controller in Russia.
Coined “Decoy Dog,” Infoblox’s Threat Intelligence Group was the first to discover this toolkit and is collaborating with other security vendors, as well as customers, to disrupt this activity, identify the attack vector, and secure global networks. The critical insight is that DNS anomalies measured over time not only surfaced the RAT, but ultimately tied together seemingly independent C2 communications. A technical analysis of Infoblox’s findings is here.
“Decoy Dog is a stark reminder of the importance of having a strong, protective DNS strategy,” said Renée Burton, Senior Director of Threat Intelligence for Infoblox. “Infoblox is focused on detecting threats in DNS, disrupting attacks before they start, and allowing customers to focus on their own business.”
As a specialized DNS-based security vendor, Infoblox tracks adversary infrastructure and can see suspicious activity early in the threat lifecycle, where there is “intent to compromise” and before the actual attack starts. As a normal course of business, any indicators that are deemed suspicious are included in Infoblox’s Suspicious domain feeds, direct to customers, to help them preemptively protect themselves against new