Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

This report analyzes common techniques, tactics, and procedures (TTPs) used by several investment scam actors who lure victims with fake platforms, including crypto exchanges. Key TTPs include registering large numbers of domains algorithmically, embedding similar web forms to collect user data, hiding activity behind traffic distribution systems, leveraging fake news with celebrity endorsements, and sharing website structures that indicate the use of kits. The report focuses on two notable actors, Reckless Rabbit and Ruthless Rabbit, detailing their distinct characteristics and DNS exploitation methods. It highlights the importance of DNS in building and maintaining scam infrastructure, emphasizing the use of registered domain generation algorithms (RDGAs) and traffic distribution systems (TDSs) to strengthen resilience and evade detection.

OPENCTI LABELS:

social engineering, cryptocurrency, investment scams, dns exploitation, registered domain generation algorithms


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams