Decoy Dog Malware Threatens Enterprise Networks
Decoy Dog, a sophisticated toolkit that includes a RAT (remote access Trojan) called Pupy, has been identified by Infoblox Threat Intelligence Group. It has unique characteristics that make it easy to identify, including a highly unusual DNS signature that is present in less than 0.0000027% of active domains on the internet. It specifically targets enterprise networks: its activity has been observed on enterprise networks, with zero evidence of activity on consumer devices. It establishes C2 communication channels relatively soon after domain creation, and its DNS queries have unusual characteristics that allow domains believed to belong to the threat actor to be flagged.

Malware: pupy(Linux), Pupy, pupy(Python), pupy(Windows)

[View Article](https://cyberwarzone.com/decoy-dog-malware-threatens-enterprise-networks/)