Malware, Threat Intelligence

Hundreds of thousands of domains registered for Revolver Rabbit infostealer campaigns

Share
Malware

BleepingComputer reports that more than 500,000 .BOND top-level domains have already been registered by the Revolver Rabbit cybercrime group via registered domain generation algorithms to support the infrastructure used in XLoader information-stealing malware campaigns against Windows and macOS systems.

Most domains created by Revolver Rabbit contained at least one dictionary word and a five-digit number separated from each other by a dash, a report from Infoblox showed. While Revolver Rabbit's .BOND domains were most evident, the threat operation was noted by Infoblox Vice President of Threat Intelligence Renee Burton to have already established over 700,000 domains across various TLDs, "Connecting the Revolver Rabbit RDGA to an established malware after months of tracking highlights the importance of understanding RDGAs as a technique within the threat actor's toolbox," said Infloblox. Such findings follow a Security Joes report detailing that XLoader precursor FormBook only had a singular legitimate .BOND TLD used for its command-and-control servers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.