
Threat Intelligence Resources


Blog

Infoblox Threat Intel
June 6, 2022

Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

Since February 2022, Infoblox’s Threat Intelligence Group has tracked malicious campaigns using dictionary domain generation algorithm (DDGA) domains to distribute scams and unwanted content.

Blog

Infoblox Threat Intel
June 6, 2022

VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

The VexTrio DDGA is being used by malicious actors who take advantage of cheap, private domain registrations to create complex attack infrastructure that remains undetected for a long time.

Blog

Infoblox Threat Intel
February 1, 2023

Don’t Dial that Number! Distribution of Phishing Lookalikes through Fake Support Calls

The report highlights a tactic used to manipulate users, but was published nearly seven months after the campaign occurred.

Media Article

The Hacker News
March 5, 2023


A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds.

Blog

Infoblox Threat Intel
April 20, 2023

Dog Hunt: Finding Decoy Dog Toolkit via Anomalous DNS Traffic

Infoblox analyzes over 70 billion DNS records each day, along with millions of domain-related records from other sources, to identify suspicious and malicious domains throughout the internet.

Media Article

Bleeping Computer
April 23, 2023

Decoy Dog malware toolkit found after analyzing 70 billion daily DNS queries

A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity.

Report

Infoblox Threat Intel
April 24, 2023

A Deep3r Look at Lookal1ke Attacks

Threat actors have used visually similar domains to deceive users into visiting malicious websites since the advent of the internet.

Media Article

TechRepublic
May 2, 2023

Infoblox discovers rare Decoy Dog C2 exploit

Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor.

Media Article

Gestalt IT
May 11, 2023

Infoblox Uncovers Decoy Dog

Infoblox has released a threat report on a remote access trojan toolkit called “Decoy Dog” that utilized DNS command and control and went undetected for a year in various sectors across multiple regions.

Blog

Michael Zuckerman
May 19, 2023

Black Basta: Anatomy of the Attack

In the constantly evolving realm of cyber threats, new groups consistently arise, creating turmoil for organizations worldwide.

Blog

Infoblox Threat Intel
May 24, 2023

Infoblox Researchers Uncover Malicious Domains Hosting Cryptocurrency Scams

Infoblox security researchers have uncovered a group of malicious domains that are being used to host cryptocurrency scams, some of which have been associated with the hacking of YouTube channels.

Blog

Bob Hansmann
June 19, 2023

Deadly Combo: MFA & Lookalike Domains

In response to some important shifts in the threat landscape at the beginning of the year, Infoblox unveiled some innovative new capabilities at this year’s RSA conference in San Francisco.

Report

Infoblox Threat Intel
July 25, 2023

Decoy Dog is No Ordinary Pupy: Separating a Sly DNS Malware from the Pack

Decoy Dog is a malware toolkit discovered by Infoblox that uses the domain name system (DNS) to perform command and control (C2).

Blog

Infoblox Threat Intel
July 25, 2023

Decoy Dog is No Ordinary Pupy: Separating a Sly DNS Malware from the Pack

The article provides a brief overview of our conclusions. Get the full report, including our Decoy Dog YARA rule, here and read the original paper here.

Press Release

Infoblox Threat Intel
July 25, 2023

Decoy Dog is No Ordinary Pupy – Infoblox Reveals Shift in Malware Tactics After Initial Discovery

Infoblox discovers that open-source software Pupy is a smokescreen for the real capabilities of Decoy Dog – highlighting the critical need for DNS security

Blog

Infoblox Threat Intel
August 24, 2023

VexTrio Deploys DNS-based TDS Server

In early 2022, Infoblox detected a widespread attack involving compromised WordPress websites that conditionally redirect visitors to intermediary command and control (C2) and dictionary domain generation algorithm (DDGA) domains.

Webinar

Dr. Renée Burton
September 5, 2023

Decoy Dog is No Ordinary Pupy: Separating a Sly DNS Malware from the Pack

In April 2023, Infoblox disclosed the discovery of Decoy Dog, a malware toolkit that uses the domain name system (DNS) to perform command and control (C2).

Blog

Renée Burton
September 26, 2023

Introducing DNS Threat Actors

Everyone loves a good whodunit. As the story of the recent attacks on MGM International and Caesars Entertainment unfolded, major news outlets competed to attribute an attacker to the ransomware that shut down a large portion of MGM operations.

Blog

Infoblox Threat Intel
October 3, 2023

Lookalike Domain Attacks are on the Rise. Be on the Lookout for these Four Types.

Explore the rise of lookalike domain attacks and their potential threats.

Blog

Infoblox Threat Intel
October 5, 2023

RDGAs: The New Face of DGAs

Think you know what DGA means? Think Again. RDGAs are used to register tens of thousands of domains by DNS threat actors every day.

Blog

Infoblox Threat Intel
October 12, 2023

Open Tangle Creates a Phishing Net for Consumers

Recently we introduced the concept of DNS threat actors and promised a series of portfolios to share details of actors we track; this article is the first.

Blog

Renée Burton
October 17, 2023

Click Here to Talk to an Attacker: How Bad Guys are Undermining Trust in Multi-factor Authentication (MFA)

Discover the rising threat of MFA lookalike domains and how they are exploited for account takeovers. Learn how the new Rapid Domain Triage capability can protect you!

Media Article

BetaNews
6 months ago

Prolific Puma protects pernicious phishing plotters

We’re all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.

Solution Note

Infoblox
October 31, 2023

DNS-Based Threat Hunting for Unveiling Threats Early Before They Strike

The scope of DNS is enormous. There are now 1589 top-level domains, and 200,000 new domains are created every day.

Blog

Infoblox Threat Intel
October 31, 2023

Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime

Learn how a link shortening service that supports cybercrime remained undetected for years and was discovered via Domain Name Service (DNS) analytics.

Media Article

Krebs on Security
October 31, 2023

.US Harbors Prolific Malicious Link Shortening Service

Researchers at Infoblox say they’ve been tracking what appears to be a three-year-old link shortening service that is catering to phishers and malware purveyors.

Webinar

Brent Eskridge
December 13, 2023

SMS Cybercrime: a DNS Perspective

As email protection has increased, criminals have moved to attack users through SMS and other text messaging services.

Blog

Infoblox Threat Intel
December 21, 2023

Infoblox discovers rare Decoy Dog C2 exploit

Learn how multiple DNS threat actors and their infrastructures were found, revealing over 7,000 USPS-themed phishing domains.

Blog

Infoblox Threat Intel
January 23, 2024

Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program

DNS threat actor VexTrio runs a large-scale criminal affiliate program including ClearFake and SocGholish actors.

Media Article

Dark Reading
January 23, 2024

VexTrio's TDS: The Biggest Cybercrime Operation on the Web?

The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally.

Webinar

Dr. Renée Burton
February 7, 2024

Traffic Distribution Systems at the Heart of Cybercrime

In mainstream media, cybercriminals are often portrayed as exotic figures that employ dark arts of computer programming to disrupt social order.

Media Article

TechRepublic
February 9, 2024

Infoblox says IT Pros Are Missing This Mega-Threat From Organised Global Cyber Criminals

Cyber security threat actor VexTrio is flying under the radar for most APAC region cyber security professionals because it is a web traffic distribution middleman rather than an endpoint source of malware.

Solution Note

Infoblox
February 13, 2024

SOC Insights

Apply AI-driven analytics to turn vast amounts of event, network, ecosystem, and DNS intelligence data into actionable insights to elevate SecOps efficiency.

Blog

Infoblox Threat Intel
February 20, 2024

Ivanti Connect Secure VPN Exploitation – Correctly Interpreting DNS IoCs

Domains in a list of IoCs such as the ones found in recent articles about attacks involving Ivanti 0-days are a valuable product of incident response, but they can’t simply be added to a blocklist.

Report

Infoblox Threat Intel
February 28, 2024

Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads

A persistent investment fraud actor who leverages DNS CNAME records as a traffic distribution system (TDS) to control access to their malicious content spread through Facebook ads.

Blog

Infoblox Threat Intel
February 28, 2024

Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads

Learn how the threat actor Savvy Seahorse uses Facebook ads to lure users to fake investment platforms and leverages DNS to allow their attacks to persist for years.

Media Article

Bleeping Computer
February 28, 2024

Savvy Seahorse gang uses DNS CNAME records to power investor scams

A threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns.

Solution Note

Infoblox
April 26, 2024

Infoblox Threat Intel

Uplift the entire security stack by optimizing your custom blend of threat intelligence.

Solution Note

Infoblox
April 26, 2024

Threat Insight

Real Time Inspection of Enterprise Network DNS Traffic to Detect Unknown Threats.

Press Release

Infoblox Threat Intel
April 29, 2024

Muddling Meerkat Press Release

Santa Clara, Calif., April 29, 2024 — Infoblox Inc., a leader in cloud networking and security services, today announced that its threat intel researchers,…

Report

Infoblox Threat Intel
April 29, 2024

Muddling Meerkat Report

Sometimes there are threats we can observe but not fully understand. This might be doubly true when the evidence comes from Domain Name System (DNS) logs.

Blog

Dr. Renée Burton
April 29, 2024

Muddling Meerkat Blog Post

This paper introduces a perplexing actor, Muddling Meerkat, who appears to be a People’s Republic of China (PRC) nation state actor.
