Infoblox Threat Intel
Ruthless Rabbit
Ruthless Rabbit is a sophisticated investment scam threat actor that has been operating since late 2022. It uses registered domain generation algorithms (RDGAs) to preregister thousands of short-lived domains, enabling rapid rotation to evade detection.
The actor employs wildcard DNS, geofencing and cloaking techniques to filter out security scanners and deliver tailored scam content only to valid targets, mostly in Eastern Europe. Victims are redirected to convincing fake investment platforms, often spoofing known brands or celebrities.
Ruthless Rabbit’s campaigns exemplify how DNS abuse and evasive infrastructure tactics are reshaping cyberfraud at scale.
- Operating since: At least 2022
- Infoblox discovered: July 2024
- Infoblox published: April 2025
- Prevalence: Uncommon
