Threat Intelligence Resources
Research Report
Dr. Renée Burton
November 23, 2020
Tools of the Trade: Distilling Malicious Campaigns in Spam
Infoblox security products leverage block lists to protect our customers and their network users from Internet threats at the Domain Name System (DNS) level.
Research Report
Laura Teixeira da Rocha
December 20, 2021
InfoRanks: Infoblox Ranking Service
InfoRanks is Infoblox’s product for generating statistically significant, accurate rankings of popular domains.
Blog
Infoblox Threat Intel
June 6, 2022
Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms
Since February 2022, Infoblox’s Threat Intelligence Group has tracked malicious campaigns using dictionary domain generation algorithm (DDGA) domains to distribute scams and unwanted content.
Blog
Infoblox Threat Intel
June 6, 2022
VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms
The VexTrio DDGA is being used by malicious actors who take advantage of cheap, private domain registrations to create complex attack infrastructure that remains undetected for a long time.
Research Report
Renée Burton and Laura da Rocha
June 22, 2022
No Ranking List Is Perfect: A Top Domains List Comparison
Amazon discontinued production of its popular Internet domain ranking list, Alexa, on May 1st, 2022 and many users of the service are scrambling to find a replacement.
Research Report
Renée Burton, Laura da Rocha, Brent Eskridge
November 1, 2022
Reliable Reputation
The reputation, risk, or likelihood of abuse of Internet infrastructure is an important factor in evaluating and prioritizing potential threats.
Blog
Infoblox Threat Intel
February 1, 2023
Don’t Dial that Number! Distribution of Phishing Lookalikes through Fake Support Calls
The report highlights a tactic used to manipulate users, but was published nearly seven months after the campaign occurred.
Media Article
The Hacker News
March 5, 2023
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds.
Blog
Infoblox Threat Intel
April 20, 2023
Dog Hunt: Finding Decoy Dog Toolkit via Anomalous DNS Traffic
Infoblox analyzes over 70 billion DNS records each day, along with millions of domain-related records from other sources, to identify suspicious and malicious domains throughout the internet.
Media Article
Bleeping Computer
April 23, 2023
Decoy Dog malware toolkit found after analyzing 70 billion daily DNS queries
A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity.
Report
Infoblox Threat Intel
April 24, 2023
A Deep3r Look at Lookal1ke Attacks
Threat actors have used visually similar domains to deceive users into visiting malicious websites since the advent of the internet.
Media Article
TechRepublic
May 2, 2023
Infoblox discovers rare Decoy Dog C2 exploit
Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor.
Media Article
Gestalt IT
May 11, 2023
Infoblox Uncovers Decoy Dog
Infoblox has released a threat report on a remote access trojan toolkit called “Decoy Dog” that utilized DNS command and control and went undetected for a year in various sectors across multiple regions.
Blog
Michael Zuckerman
May 19, 2023
Black Basta: Anatomy of the Attack
In the constantly evolving realm of cyber threats, new groups consistently arise, creating turmoil for organizations worldwide.
Blog
Infoblox Threat Intel
May 24, 2023
Infoblox Researchers Uncover Malicious Domains Hosting Cryptocurrency Scams
Infoblox security researchers have uncovered a group of malicious domains that are being used to host cryptocurrency scams, some of which have been associated with the hacking of YouTube channels.
Blog
Bob Hansmann
June 19, 2023
Deadly Combo: MFA & Lookalike Domains
In response to some important shifts in the threat landscape at the beginning of the year, Infoblox unveiled some innovative new capabilities at this year’s RSA conference in San Francisco.
Report
Infoblox Threat Intel
July 25, 2023
Decoy Dog is No Ordinary Pupy: Separating a Sly DNS Malware from the Pack
Decoy Dog is a malware toolkit discovered by Infoblox that uses the domain name system (DNS) to perform command and control (C2).
Blog
Infoblox Threat Intel
July 25, 2023
Decoy Dog is No Ordinary Pupy: Separating a Sly DNS Malware from the Pack
The article provides a brief overview of our conclusions. Get the full report, including our Decoy Dog YARA rule, here and read the original paper here.
Press Release
Infoblox Threat Intel
July 25, 2023
Decoy Dog is No Ordinary Pupy – Infoblox Reveals Shift in Malware Tactics After Initial Discovery
Infoblox discovers that open-source software Pupy is a smokescreen for the real capabilities of Decoy Dog – highlighting the critical need for DNS security
Blog
Infoblox Threat Intel
August 24, 2023
VexTrio Deploys DNS-based TDS Server
In early 2022, Infoblox detected a widespread attack involving compromised WordPress websites that conditionally redirect visitors to intermediary command and control (C2) and dictionary domain generation algorithm (DDGA) domains.
Webinar
Dr. Renée Burton
September 5, 2023
Decoy Dog is No Ordinary Pupy: Separating a Sly DNS Malware from the Pack
In April 2023, Infoblox disclosed the discovery of Decoy Dog, a malware toolkit that uses the domain name system (DNS) to perform command and control (C2).
Blog
Renée Burton
September 26, 2023
Introducing DNS Threat Actors
Everyone loves a good whodunit. As the story of the recent attacks on MGM International and Caesars Entertainment unfolded, major news outlets competed to attribute an attacker to the ransomware that shut down a large portion of MGM operations.
Blog
Infoblox Threat Intel
October 3, 2023
Lookalike Domain Attacks are on the Rise. Be on the Lookout for these Four Types.
Explore the rise of lookalike domain attacks and their potential threats.
Blog
Infoblox Threat Intel
October 5, 2023
RDGAs: The New Face of DGAs
Think you know what DGA means? Think Again. RDGAs are used to register tens of thousands of domains by DNS threat actors every day.
Blog
Infoblox Threat Intel
October 12, 2023
Open Tangle Creates a Phishing Net for Consumers
Recently we introduced the concept of DNS threat actors and promised a series of portfolios to share details of actors we track; this article is the first.
Blog
Renée Burton
October 17, 2023
Click Here to Talk to an Attacker: How Bad Guys are Undermining Trust in Multi-factor Authentication (MFA)
Discover the rising threat of MFA lookalike domains and how they are exploited for account takeovers. Learn how the new Rapid Domain Triage capability can protect you!
Solution Note
Infoblox
October 31, 2023
DNS-Based Threat Hunting for Unveiling Threats Early Before They Strike
The scope of DNS is enormous. There are now 1589 top-level domains, and 200,000 new domains are created every day.
Research Report
Laura da Rocha, Renée Burton, Stelios Chatzistogias and Darby Wise
October 31, 2023
Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime
The cybercrime economy is the world’s third largest, with an estimated $8 trillion value in 2023, and Prolific Puma is part of the supply chain.
Blog
Infoblox Threat Intel
October 31, 2023
Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime
Learn how a link shortening service that supports cybercrime remained undetected for years and was discovered via Domain Name Service (DNS) analytics.
Media Article
Krebs on Security
October 31, 2023
.US Harbors Prolific Malicious Link Shortening Service
Researchers at Infoblox say they’ve been tracking what appears to be a three-year-old link shortening service that is catering to phishers and malware purveyors.
Media Article
BetaNews
6 months ago
Prolific Puma protects pernicious phishing plotters
We’re all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.
Webinar
Brent Eskridge
December 13, 2023
SMS Cybercrime: a DNS Perspective
As email protection has increased, criminals have moved to attack users through SMS and other text messaging services.
Blog
Infoblox Threat Intel
December 21, 2023
Infoblox discovers rare Decoy Dog C2 exploit
Learn how multiple DNS threat actors and their infrastructures were found, revealing over 7,000 USPS-themed phishing domains.
Report
Christopher Kim and Randy McEoin
January 23, 2024
Cybercrime Central: Vextrio Operates Massive Criminal Affiliate Program
While cybercriminals are often portrayed as gangs of hackers or lone brilliant coders, more often, they buy and sell goods and services as part of a larger criminal economy.
Blog
Infoblox Threat Intel
January 23, 2024
Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program
DNS threat actor VexTrio runs a large-scale criminal affiliate program including ClearFake and SocGholish actors.
Media Article
Dark Reading
January 23, 2024
'VexTrio' TDS: The Biggest Cybercrime Operation on the Web?
The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally.
Webinar
Dr. Renée Burton
February 7, 2024
Traffic Distribution Systems at the Heart of Cybercrime
In mainstream media, cybercriminals are often portrayed as exotic figures that employ dark arts of computer programming to disrupt social order.
Media Article
TechRepublic
February 9, 2024
Infoblox says IT Pros Are Missing This Mega-Threat From Organised Global Cyber Criminals
Cyber security threat actor VexTrio is flying under the radar for most APAC region cyber security professionals because it is a web traffic distribution middle man rather than an endpoint source of malware.
Solution Note
Infoblox
February 13, 2024
SOC Insights
Apply AI-driven analytics to turn vast amounts of event, network, ecosystem, and DNS intelligence data into actionable insights to elevate SecOps efficiency.
Blog
Infoblox Threat Intel
February 20, 2024
Ivanti Connect Secure VPN Exploitation – Correctly Interpreting DNS IoCs
Domains in a list of IoCs such as the ones found in recent articles about attacks involving Ivanti 0-days are a valuable product of incident response, but they can’t simply be added to a blocklist.
Report
Infoblox Threat Intel
February 28, 2024
Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads
A persistent investment fraud actor who leverages DNS CNAME records as a traffic distribution system (TDS) to control access to their malicious content spread through Facebook ads.
Blog
Infoblox Threat Intel
February 28, 2024
Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads
Learn how the threat actor Savvy Seahorse uses Facebook ads to lure users to fake investment platforms and leverages DNS to allow their attacks to persist for years.
Media Article
Bleeping Computer
February 28, 2024
Savvy Seahorse gang uses DNS CNAME records to power investor scams
A threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns.
Solution Note
Infoblox
April 26, 2024
Infoblox Threat Intel
Uplift the entire security stack by optimizing your custom blend of threat intelligence.
Solution Note
Infoblox
April 26, 2024
Threat Insight
Real Time Inspection of Enterprise Network DNS Traffic to Detect Unknown Threats.
Press Release
Infoblox Threat Intel
April 29, 2024
Muddling Meerkat Press Release
Santa Clara, Calif., April 29, 2024 — Infoblox Inc., a leader in cloud networking and security services, today announced that its threat intel researchers,…
Report
Infoblox Threat Intel
April 29, 2024
Muddling Meerkat Report
Sometimes there are threats we can observe but not fully understand. This might be doubly true when the evidence comes from Domain Name System (DNS) logs.
Blog
Dr. Renée Burton
April 29, 2024
Muddling Meerkat Blog Post
This paper introduces a perplexing actor, Muddling Meerkat, who appears to be a People’s Republic of China (PRC) nation state actor.
Blog
Infoblox Threat Intel
May 28, 2024
VexTrio Viper Adds a New DNS TDS Domain
Learn how VexTrio Viper adapts to industry reporting and about the role of Infoblox Threat Intel in identifying and responding to these changes. Despite their adaptations, VexTrio Viper is still detectable.
Blog
Renée Burton and Dave Mitchell
June 3, 2024
What a Show! An Amplified Internet Scale DNS Probing Operation
Learn how Chinese actors are probing DNS networks around the world and how an attack surface management tool is amplifying the suspicious activity.
Research Report
Infoblox Threat Intel
July 17, 2024
REGISTERED DGAs: The Prolific New Menace No One Is Talking About
Registered domain generation algorithms (RDGAs) are a programmatic mechanism that allows threat actors to create many domain names at once, or over time, to register for use in their criminal infrastructure.
Blog
James Barnett
July 17, 2024
RDGAs: The Next Chapter in Domain Generation Algorithms
Infoblox Threat Intel exposes registered DGAs (RDGAs), the novel DGAs used by threat actors like Revolver Rabbit to deliver XLoader, Hancitor, and other malware.
Press Release
Infoblox Threat Intel
July 17, 2024
Revolver Rabbit’s Million-Dollar Masquerade: Infoblox Uncovers The Hidden World of RDGAs
Santa Clara, Calif., July 17, 2024 — Infoblox Threat Intel released a threat landscape study of the use of registered domain generation algorithms (RDGAs) by malicious actors today.
Media Article
Scoop (213K UVM)
July 18, 2024
Revolver Rabbit’s Million-Dollar Masquerade: Infoblox Uncovers The Hidden World of RDGAs
Infoblox Threat Intel has developed multiple algorithms to discover and track RDGAs in the wild, including patent pending detection of emerging clusters of RDGA domains.
Media Article
Bleeping Computer
July 18, 2024
Revolver Rabbit gang registers 500,000 domains for malware campaigns
A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.
Media Article
Tech Radar
July 19, 2024
Criminals are spending millions on malicious domains — and it's paying off for them in a big way
To host command and control (C2) servers, distribute malware, or perform other malicious activities, hackers need a domain name.
Report
Maël Le Touz, Jacques Portal, Renée Burton, and Elena Puga
July 22, 2024
Vigorish Viper: A Venomous Bet
This groundbreaking report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia.
Blog
Maël Le Touz, Jacques Portal, Renée Burton, and Elena Puga
July 22, 2024
Gambling is No Game: DNS Links Between Chinese Organized Crime and Sports Sponsorships
Learn how the detection of a single anomalous domain led to the discovery of a vast enterprise leveraging sports sponsorships for Chinese organized crime.
Press Release
Infoblox Threat Intel
July 22, 2024
Infoblox Exposes: Chinese Cybercrime Syndicate Linking European Football Sponsors, Human Trafficking and a Trillion-Dollar Illegal Gambling Economy
Santa Clara, Calif., July 22, 2024 — Infoblox Inc., a leader in cloud networking and security services, today announced a significant breakthrough in cybercrime…
Media Article
Dark Reading
July 22, 2024
Chinese Forced-Labor Ring Sponsors Football Clubs, Hides Behind Stealth Tech
An illegal gambling empire fueled by modern-day slavery is being propped up by high-profile sponsorships — and defended with sophisticated anti-detection software.
Media Article
The Hacker News
July 22, 2024
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking
A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced “technology suite”…
Media Article
Josimar
July 22, 2024
The Hydra
A whirlwind of short-lived Asian gambling brands have taken over European football in recent seasons. Now, a US cybersecurity firm has proof that they are nearly all one-and-the-same entity.
Media Article
Security Review (UVM 10,136)
July 24, 2024
Dirty Money, Dirty Games: Infoblox Exposes Football Sponsor’s Dark Secret
Infoblox has announced a significant breakthrough in cybercrime investigation with the unmasking of a threat actor that the company has named “Vigorish Viper.”
Blog
Kat Persighetti
July 29, 2024
Olympics Scammers Take Their Marks, Get Set, and Go!
Every iteration of the Olympic games is a major global event – fueling pride and competition, watched by millions in homes around the world,…
Blog
Infoblox Threat Intel
July 31, 2024
Who Knew? Domain Hijacking Is So Easy
Learn about the insidious DNS attack vector that threat actors are using to hijack domains from major brands, government institutions…
Blog
Infoblox Threat Intel
August 12, 2024
From Click to Chaos: Bouncing Around in Malicious Traffic Distribution Systems
Cybercriminals are using traffic distribution systems to redirect victims through massive networks filled with scams and malware.
Webinar
Infoblox Threat Intel
August 19, 2024
The Big Ruse
Discover how Infoblox Threat Intel uncovered the Vigorish Viper cybercrime network. This webinar dives into DNS analysis, reverse engineering, and investigative techniques that exposed a sophisticated criminal operation…
Blog
Infoblox Threat Intel
September 18, 2024
No, Elon Musk was not in the U.S. Presidential Debate
Cybercriminals used presidential debate-themed deep fake YouTube videos to advertise cryptocurrency scams.
Blog
Dave Mitchell and Adam Casella
October 15, 2024
Beware of Domain Collisions: Are Your Internal Domains Registered Externally?
Learn why understanding this risk is crucial for safeguarding your organization’s digital identity and preventing unauthorized access.
Blog
Brent Eskridge
October 16, 2024
Cybersecurity Awareness Month: Secure Our World with DNS
DNS is a powerful tool for everyone, from individuals to multinational organizations, to improve security against a variety of threats.
Blog
Bart Lenaerts-Bergmans
October 23, 2024
Threat Actors Abuse DNS to Con Consumers
Explore why cybercriminals like DNS. Learn more about recent weaponizations and how to protect against them.
Research Report
Infoblox Threat Intel
November 14, 2024
DNS Predators Attack: Vipers and Hawks Hijack Sitting Ducks Domains
It all began with a lookalike domain. The domain was crafted to look like a Slack hosting resource, but it was hosted in Russia. Simple phishing?
Blog
Infoblox Threat Intel
November 14, 2024
DNS Predators Hijack Domains to Supply their Attack Infrastructure
Learn how DNS threat actors hijack domains and use them in their malicious campaigns.