#Octo2

2024-10-16

DomainTools Solutions Engineer Steven Behm demonstrates how he utilized our passive DNS database (DomainTools DNSDB Scout) in a recent investigation to uncover additional domains related to Octo2's Domain Generation Algorithm (DGA).

By using DNSDB Scout, he conducted a left-sided search to reveal IP addresses associated with specific domains, enabling us to stay ahead of emerging threats. He also showcases how to search for domains matching specific patterns using Regex, enhancing our investigative capabilities.

Our Passive DNS database is valuable when it comes to understanding a domain, seeing its evolution over time, and finding other connected domains, including subdomains.

Watch here: youtube.com/watch?v=L4lxYQU7Eq

#DNS #Octo2 #Malware #CyberSecurity

2024-10-14

Thank you @bittner for sharing our recent findings regarding Octo2 on @thecyberwire podcast.

ICYMI: Octo2 also uses a Domain Generation Algorithm (DGA) to create dynamic command and control (C2) server addresses, increasing its resilience against security takedowns.

Listen here: thecyberwire.com/podcasts/dail

#Octo2 #malware #cybersecurity

2024-09-27

Another day, another new Android malware version. :android: 🐙

A new version of the Octo Android malware (named "Octo2") has been seen spreading across Europe under the guise of NordVPN, Google Chrome and an app called Europe Enterprise. The malware has been spotted in Italy, Poland and Hungary.

threatfabric.com/blogs/octo2-h

#android #octo2 #malware #it #security #privacy #engineer #tech #media #news

[⚠️Beware⚠️]

The new variant, analyzed by ThreatFabric, features better operational stability, more advanced anti-analysis and anti-detection mechanisms, and a domain generation algorithm (DGA) system for resilient command and control (C2) communications.

[Image source: ThreatFabric]

Octo Timeline

"Subsequently, a 'lite' version of it was introduced, named ExobotCompact by its author, the threat actor known as 'android' on dark-web forums," ThreatFabric noted.

The emergence of Octo2 is said to have been primarily driven by the leak of the Octo source code earlier this year, leading other threat actors to spawn multiple variants of the malware.

[Image source: ThreatFabric]

Apps used in recent Octo2 campaigns.

In European operations, the threat actors use fake NordVPN and Google Chrome apps, as well as a Europe Enterprise app, which is likely a lure used in targeted attacks.

Octo2 uses the Zombider service to add the malicious payload into these APKs while bypassing Android 13 (and later) security restrictions.

2024-09-26

The banking trojan, Octo2, now employs a Domain Generation Algorithm (DGA)!

The new variant of the Octo (ExobotCompact) banking trojan, Octo2, is targeting mobile users with several new advanced features. This malware is known for disguising itself as legitimate apps, taking control of the victim’s device to steal sensitive information and commit on-device fraud. For now, the malware has been seen in the wild in Italy, Poland, Moldova, and Hungary, masquerading as apps like NordVPN and Google Chrome. Unfortunately, given its history, it is expected to become global soon.

This new variant, investigated by ThreatFabric, features enhanced functionalities, including a Domain Generation Algorithm (DGA) that dynamically changes its command-and-control (C2) server addresses, making it significantly harder to detect.

Here are some domains associated with this new variant that we have in our collection:


ThreatFabric report: threatfabric.com/blogs/octo2-e

#dns #cybersecurity #InfobloxThreatIntel #Infoblox #Octo #Octo2 #ExobotCompact #Malware #IOCs #threatintel #cybercrime #infosec #dga #c2 #Trojan
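The Octo2 domains Infoblox reported in the post above share one shape: a 32-character hexadecimal label sitting directly under the public TLD. The DomainTools post earlier on this page describes hunting for such domains with a regex in passive DNS; the added example below (not code from Infoblox, DomainTools or ThreatFabric) applies the same pattern rule to constructed DNS query log lines and groups the flagged lookups by client. The log format, the TLD set and the `find_dga_lookups` helper are assumptions for illustration.

```python
import re

# Hypothetical detection rule: Octo2 DGA domains seen in the post above are a
# 32-character hex label (MD5-like) directly under the TLD. The TLD set is the
# one observed in that post; widen it for your own environment.
DGA_TLDS = {"info", "com", "biz", "net", "shop", "xyz", "org"}
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def classify_domain(name: str) -> bool:
    """True if the registrable label of `name` matches the Octo2 DGA shape."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    sld, tld = labels[-2], labels[-1]
    return tld in DGA_TLDS and bool(HEX32.match(sld))


def defang(name: str) -> str:
    """Write a domain with [.] so it is not clickable when pasted into a report."""
    return name.replace(".", "[.]")


# Constructed sample lines in an assumed "timestamp client qname qtype" format.
# Two of the names are Octo2 domains from the post above; the rest are benign.
SAMPLE_LOG = """\
2024-09-26T10:00:01Z 10.0.0.5 www.example.com A
2024-09-26T10:00:02Z 10.0.0.5 5106c5dbc9e0d004489af35abec41027.info A
2024-09-26T10:00:03Z 10.0.0.7 api.7729f264dc01834757c9f06f2d313e28.com A
2024-09-26T10:00:04Z 10.0.0.9 5106c5dbc9e0d004489af35abec41027.info A
2024-09-26T10:00:05Z 10.0.0.9 deadbeef.xyz A
"""


def find_dga_lookups(log_text: str) -> dict[str, list[str]]:
    """Map each flagged (defanged) registrable domain to the clients that queried it."""
    hits: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash on them
        client, qname = parts[1], parts[2]
        if classify_domain(qname):
            labels = qname.lower().rstrip(".").split(".")
            key = defang(".".join(labels[-2:]))  # collapse subdomains to the DGA domain
            clients = hits.setdefault(key, [])
            if client not in clients:
                clients.append(client)
    return hits


if __name__ == "__main__":
    for domain, clients in find_dga_lookups(SAMPLE_LOG).items():
        print(domain, clients)
```

A hit here is a lead for pivoting in passive DNS, not a verdict: an unrelated domain can happen to use a 32-hex label, so confirm against the IP and timing data before blocking.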
