
Introducing Infoblox, our Gold sponsor!
Introducing Infoblox Threat Intel
DNS All Day, Every Day
DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access give us a high-powered scope to zero in on cyber threats.
How Infoblox creates original DNS threat intelligence:
- DNS Experts: We discover threat actors hiding in DNS because we know where to look. Starting with suspicious domains, we connect the dots and identify actor infrastructure, then begin tracking it as it evolves. We identify new domains as they emerge so customers are continually protected.
- Threat Expertise: We know how malicious actors operate and how malware, phishing, and other threats manifest in DNS. We’ve used this knowledge to develop specialized systems to detect lookalike domains, DNS C2 malware, registered domain generation algorithms (RDGAs) and suspicious behavior.
- Data Science: We use machine learning and data science to analyze very large volumes of DNS queries every day to provide near-real-time protection against data exfiltration, domain generation algorithms (DGAs) and a wide range of other threats.
We’re proactive, not just defensive, using our insights to track threat actor infrastructure and disrupt cybercrime where it begins.
MUDDLING MEERKAT
A cunning actor that abuses open resolvers worldwide with MX record queries, triggering China's Great Firewall to respond in an unexpected way.
Why is this special? First documentation of the Great Firewall injecting modified DNS MX records.
SAVVY SEAHORSE
A persistent investment fraud actor who leverages DNS CNAME records as a traffic distribution system (TDS) to control access to their malicious content spread through Facebook ads.
Why is this special? First description of the use of DNS CNAME records by threat actors to control and direct content for users.
VEXTRIO VIPER
The longest-running traffic distribution system (TDS) known in the industry with the largest number of criminal affiliates, brokering traffic for others while delivering malicious campaigns of their own.
Why is this special? First identification of a large-scale TDS discovered through DNS and the use of a dictionary domain generation algorithm (DDGA).
PROLIFIC PUMA
A malicious link shortening service used by criminals to target consumers worldwide. This actor successfully overcame privacy controls for the .us TLD before being exposed by Infoblox.
Why is this special? First description of a malicious link shortener in the industry.
DECOY DOG
A nation-state DNS C2 malware toolkit, confirmed to be an advanced variant of the Pupy RAT. Russian security vendors later claimed Decoy Dog was used to disrupt Russian critical infrastructure.
Why is this special? First discovery and characterization of a C2 malware solely from DNS.
We also believe in sharing knowledge to support the broader security community by publishing detailed research on select actors and their associated indicators. You can read more about the actors described above in those reports.