Infoblox Threat Intel<p>Cybercriminals incorporate artificial intelligence (AI) to be more effective across their business functions. In most cases, the technology contributes to the actor's code development or augments their socially engineered attacks. We provided a real example of this last year in September when we published about YouTube account hijackers that use deepfake videos of Elon Musk for a crypto giveaway scam (<a href="https://blogs.infoblox.com/threat-intelligence/no-elon-musk-was-not-in-the-us-presidential-debate/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/no-elon-musk-was-not-in-the-us-presidential-debate/</span></a>). We recently saw similar techniques deployed by a threat actor that we track as Reckless Rabbit (<a href="https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/</span></a>). However, instead of YouTube videos, they directly integrate deepfakes into their websites.<br> <br>Reckless Rabbit began targeting Japanese-speaking users several months ago. They deliver fake web articles that promote non-existent investment programs. These are not your typical scam web pages. They've been enriched with deepfake AI-generated videos of high-profile financial leaders, including Elon Musk and Masayoshi Son. They also try to add legitimacy to the report by including artificially drafted, positive reviews from fictitious netizens.
Traditionally, the news content consisted mostly of just text, static images, and links.<br> <br>Prior to this change, they were predominantly targeting internet users in Eastern European countries. They continue to use dictionary-based Registered Domain Generation Algorithm (RDGA) domains and Facebook ads to navigate victims to fake news articles.<br> <br>Reckless Rabbit employs a variety of article lures; below, we've highlighted domains specifically used in their Japanese investment scam campaigns. These sites employ deepfake videos embedded with Japanese captions. The articles impersonate one of Japan's major newspaper companies, Yomiuri Shimbun, and contain a registration button for the fake investment platform called "Finance Legend". After clicking it, the page redirects the victim to a contact webform. Based on the contents of the articles, the threat actor will presumably follow up with the victim using the provided contact details and encourage them to make a deposit in exchange for a future return that is much greater than the investment.<br> <br>Attached to this message, we've included a screenshot of the fake news article lure, as well as a screen recording of our interaction with the scam website and deepfake video.<br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintelligence</span></a> <a 
href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/deepfake" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deepfake</span></a> <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://infosec.exchange/tags/elonmusk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elonmusk</span></a> <a href="https://infosec.exchange/tags/masayoshi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>masayoshi</span></a> <a href="https://infosec.exchange/tags/japan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>japan</span></a> <a href="https://infosec.exchange/tags/yomiurishimbun" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yomiurishimbun</span></a> <a href="https://infosec.exchange/tags/recklessrabbit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>recklessrabbit</span></a> <a href="https://infosec.exchange/tags/investment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>investment</span></a> <a 
href="https://infosec.exchange/tags/rdga" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rdga</span></a> <a href="https://infosec.exchange/tags/ddga" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ddga</span></a></p>