
Revolver Rabbit's Million-Dollar Masquerade: Infoblox Uncovers The Hidden World Of RDGAs
Infoblox Threat Intel has developed multiple algorithms to discover and track registered domain generation algorithms (RDGAs) in the wild, including patent-pending detection of emerging clusters of RDGA domains. With these detectors, Infoblox discovers tens of thousands of new domains every day, capturing them into clusters of actor-controlled assets. Surprisingly, most of these domains go unnoticed by the security industry. In its new study of the RDGA threat landscape, Infoblox has found that the use of RDGAs has grown over the past few years. The study also shows how domains created with RDGAs are used, with numerous examples ranging from scams to malware.
The most remarkable example included is an RDGA controlled by an actor that Infoblox has named Revolver Rabbit. This actor has registered over 500,000 domains, costing them over $1 million in registration fees. At the same time, discovering the purpose of these domains was a challenge. Infoblox Threat Intel has been tracking Revolver Rabbit for nearly a year but was stumped for months on the threat actor's motivation. How can so many domains be registered without a trace of malicious activity? Recently Infoblox solved the puzzle: Revolver Rabbit uses the RDGA to create command and control (C2) and decoy domains for XLoader (aka Formbook) malware. This malware is an information stealer typically delivered via phishing emails. It must be a profitable malware for Revolver Rabbit given their investment in domain names. Connecting the Revolver Rabbit RDGA to an established malware after months of tracking highlights the importance of understanding RDGAs as a technique within the threat actor's toolbox.
The landscape study shows that RDGAs are a formidable and underestimated threat. Actors can easily scale their spam, malware, and scam operations, often without fear of detection by the security industry. Moreover, automation in domain registration services makes it easy for cybercriminals to use an RDGA. The intent of the study is to raise awareness and shed light on the growing trend in malicious domain registrations.
About Infoblox:
Infoblox unites networking and security to deliver unmatched performance and protection. Trusted by Fortune 100 companies and emerging innovators, we provide real-time visibility and control over who and what connects to your network, so your organization runs faster and stops threats earlier.
