Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
This intelligence report analyzes common tactics, techniques, and procedures (TTPs) used by threat actors in investment scams, focusing on the abuse of DNS mechanisms. The actors often use registered domain generation algorithms (RDGAs) to create large numbers of domains, embed similar web forms to collect user data, hide activity through traffic distribution systems (TDS), and leverage fake news with celebrity endorsements. The report details two specific actors, Reckless Rabbit and Ruthless Rabbit, examining their distinct RDGA patterns and campaign strategies. It highlights the importance of DNS in detecting and blocking these scams at scale, as actors exploit DNS to build and maintain their infrastructure.
OPENCTI LABELS:
facebook ads, cloaking, dns abuse, web forms, tds, rdga, investment scams