The Next Level: Typo DGAs Used in Malicious Redirection Chains
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A new campaign leveraging newly registered domains (NRDs) and a novel variant of domain generation algorithms (DGAs) has been uncovered. The campaign used over 6,000 NRDs redirecting to domains resembling dictionary-based DGAs. These NRDs led to advertisements of potentially unwanted Android applications. Further investigation revealed 444,898 NRDs belonging to the same actor, redirecting to 178 domains exhibiting 'typo DGA' characteristics. This new pattern combines dictionary words with typographical errors, potentially designed to evade traditional detection methods. The campaign utilized shared WHOIS information, hosting infrastructure, and epoch timestamp subdomains for redirections. The findings highlight the need for advanced detection capabilities to combat evolving malicious techniques.
OPENCTI LABELS :
dictionary dga,typo dga,newly registered domains
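
A defender-side triage heuristic for the two traits the summary describes (dictionary words carrying typographical errors, and epoch timestamp subdomains), added here as an example and not taken from the original report. The word list, the one-edit threshold, the plausible-year range and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed mini word list; a real deployment would load a full dictionary.
WORDS = {"silver", "garden", "window", "market", "planet", "stream"}

def within_one_edit(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def match_word(tok):
    """Dictionary word that tok equals or misspells by one edit, else None."""
    if tok in WORDS:
        return tok
    return next((w for w in sorted(WORDS) if within_one_edit(tok, w)), None)

def segment(label):
    """Split label into (token, word) pairs with the fewest misspellings, or None."""
    best = {len(label): []}          # best[i] = cheapest split of label[i:]
    cost = lambda seg: sum(t != w for t, w in seg)
    for i in range(len(label) - 1, -1, -1):
        for j in range(i + 3, len(label) + 1):   # tokens of 3+ characters
            word = match_word(label[i:j])
            if word is None or j not in best:
                continue
            cand = [(label[i:j], word)] + best[j]
            if i not in best or cost(cand) < cost(best[i]):
                best[i] = cand
    return best.get(0)

def epoch_label(label, first_year=2015, last_year=2035):
    """True if label is a 10-digit Unix timestamp in an assumed plausible year range."""
    if not re.fullmatch(r"\d{10}", label):
        return False
    year = datetime.fromtimestamp(int(label), tz=timezone.utc).year
    return first_year <= year <= last_year

def classify(fqdn):
    """Flag both traits. Naive split: the last label is treated as the TLD."""
    labels = fqdn.lower().rstrip(".").split(".")
    seg = segment(labels[-2]) if len(labels) >= 2 else None
    typos = [(t, w) for t, w in (seg or []) if t != w]
    return {"epoch_subdomain": any(epoch_label(l) for l in labels[:-2]),
            "typo_words": typos, "typo_dga_candidate": bool(typos)}
```

A name that splits cleanly into correctly spelled words is left to an ordinary dictionary-DGA detector; only names that need at least one misspelled word to segment are flagged here.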