Decoy Dog

Malware Profile Updated 4 days ago
Decoy Dog is a sophisticated malware that has been used in well-known cyber campaigns such as DarkHydrus, OilRig, xHunt, SUNBURST, and more. It relies on DNS tunneling for command-and-control (C2) and is built on the same underlying tunneling tool, Pupy, which uses the character 9 as padding when encoding data. First detected in late March or early April 2022, Decoy Dog has evolved continuously to impede detection and analysis, both in its network traffic and on the file system. In April 2023 Infoblox revealed that at least 20 organizations in Russia had fallen victim to this modified version of Pupy RAT.

Decoy Dog exploits the lack of DNS oversight that is common in networks, making it an ongoing and serious threat. Its unique DNS signature indicates not just the presence of the open-source Pupy RAT but also the Decoy Dog toolkit used to deploy it. Security researchers have noted that the malware continued to evolve after material on its initial version was published. However, there is little insight into the underlying victim systems and the vulnerabilities being exploited, which makes the threat difficult to mitigate effectively.

Scott Harrell, Infoblox President and CEO, emphasized the role of DNS as an organization's first line of defense against threats like Decoy Dog. Infoblox offers what it describes as a best-of-breed DNS Detection and Response solution, a turn-key defense covering what other XDR solutions might miss. Investigations into Decoy Dog and Pupy RAT are ongoing, underscoring the need for robust DNS oversight in network security. Despite the challenges, experts hope that this particular spate of network compromise remains relatively rare.
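The profile names two traits a defender can act on: C2 carried over DNS tunneling, and a tunneling tool that pads encoded data with the character 9. The script below is an added example (not Infoblox's, Pupy's or Decoy Dog's code) of how a DNS log triage rule might use those traits: it scores each query name by the length and entropy of the labels left of the registrable domain and by trailing runs of '9'. The log format, the two-label base domain, the thresholds and the "three or more trailing 9s" padding rule are all assumptions, and the sample log lines are constructed.

```python
"""Heuristic triage of DNS query logs for tunneling-style C2 traffic.

Added example, not vendor or malware code. The only trait taken from the
profile is '9' padding in encoded data; thresholds, log format and the
padding pattern below are assumptions for illustration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

BASE_LABELS = 2            # assumed: rightmost two labels are the registrable domain
MIN_PREFIX_LEN = 30        # assumed: encoded payloads produce long query prefixes
MIN_ENTROPY = 4.0          # assumed: bits/char; English-like hostnames sit lower
PAD_RE = re.compile(r"9{3,}$")      # assumed: a run of 3+ trailing '9's is padding
QNAME_RE = re.compile(r"qname=(\S+)")   # assumed log field layout


@dataclass
class Verdict:
    qname: str
    prefix_len: int      # characters in the labels left of the base domain
    entropy: float       # Shannon entropy (bits/char) of those characters
    padded_labels: int   # labels that end in a run of '9' padding
    suspicious: bool


def shannon_entropy(text: str) -> float:
    """Bits per character of `text`; 0.0 for empty or single-symbol input."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def analyze_query(qname: str) -> Verdict:
    """Score one query name; the prefix is everything left of BASE_LABELS."""
    labels = qname.rstrip(".").lower().split(".")
    prefix = labels[:-BASE_LABELS] if len(labels) > BASE_LABELS else []
    joined = "".join(prefix)
    entropy = shannon_entropy(joined)
    padded = sum(1 for lab in prefix if PAD_RE.search(lab))
    # Long prefix plus either padding or high entropy: worth an analyst's look.
    suspicious = len(joined) >= MIN_PREFIX_LEN and (padded > 0 or entropy >= MIN_ENTROPY)
    return Verdict(qname, len(joined), round(entropy, 3), padded, suspicious)


def scan_log(lines):
    """Return a Verdict for every log line that carries a qname= field."""
    verdicts = []
    for line in lines:
        m = QNAME_RE.search(line)
        if m:
            verdicts.append(analyze_query(m.group(1)))
    return verdicts


def suspicious_qnames(lines):
    """Query names from `lines` that the heuristic flags."""
    return [v.qname for v in scan_log(lines) if v.suspicious]


# Constructed sample log lines (not real traffic); the third mimics an
# encoded payload with trailing '9' padding under a placeholder C2 domain.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z client=10.0.0.5 qname=www.example.com qtype=A",
    "2024-05-01T10:00:01Z client=10.0.0.5 "
    "qname=a-long-but-legit-cdn-hostname-with-dashes.static.example.com qtype=A",
    "2024-05-01T10:00:02Z client=10.0.0.7 "
    "qname=qnxk7f2ah9b3mzv1p0rtc5e8d4lw6ys9999.kd92jab3c5f7hqz.c2-example.test qtype=TXT",
]

if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        print(v)
```

The long dashed CDN hostname is included deliberately: it exceeds the length threshold but stays below the entropy threshold and carries no padding, so it is not flagged, while the padded high-entropy name is. In production the base-domain split should use a public-suffix list rather than a fixed label count, and any flagged name should be corroborated with query volume and record type before alerting.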
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Decoy
Infoblox
Trojan
Exploit
Associated Malware
ID / Type / Votes / Profile Description
No associations to display
Associated Threat Actors
ID / Type / Votes / Profile Description
No associations to display
Associated Vulnerabilities
ID / Type / Votes / Profile Description
No associations to display
Source Document References
Information about the Decoy Dog malware was read from the document corpus below. This display is limited to 20 results.
Source / Created At / Title
CERT-EU / a year ago / RSAC 2023 | Cybersecurity research on edge computing generates big interest - Cybersecurity Insiders
CERT-EU / 10 months ago / Cyber Security Today, Week in Review for the week ending Friday, July 28, 2023 | IT World Canada News
CERT-EU / a year ago / Cyber Security Today, April 26, 2023 – New reports on ransomware and cyber attacks | IT World Canada News
DARKReading / 10 months ago / Decoy Dog Gets an Upgrade With New Persistence Features
CERT-EU / a year ago / Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains
CERT-EU / a year ago / New Decoy Dog Malware Toolkit Targets Enterprise Networks
CERT-EU / 5 months ago / Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies
DARKReading / a year ago / Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains
CERT-EU / 10 months ago / Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks
Unit42 / 4 days ago / Leveraging DNS Tunneling for Tracking and Scanning
DARKReading / 9 months ago / Infoblox Blows Whistle On ‘Decoy Dog,’ Advocates For Better DNS Monitoring
Malwarebytes / a year ago / Decoy dog toolkit plays the long game with Pupy RAT
CERT-EU / 10 months ago / New P2Pinfect malware campaign against Redis servers detailed
CERT-EU / 4 months ago / Cloud Atlas Phishing Attacks: Russian Companies Beware
CERT-EU / 10 months ago / Decoy Dog is No Ordinary Pupy - Infoblox Reveals Shift in Malware Tactics After Initial Discovery
CERT-EU / a year ago / Decoy Dog Malware Tool Kit Spotted Via Malicious DNS Queries | IT Security News
Unit42 / 7 months ago / Understanding DNS Tunneling Traffic in the Wild
CERT-EU / a year ago / Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server
Securityaffairs / a year ago / Experts spotted a sophisticated malware toolkit called Decoy Dog
CERT-EU / 10 months ago / Decoy Dog Malware Upgraded to Include New Features