| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Ruthless Rabbit has been running investment scam campaigns since November 2022, primarily targeting users in Russia, Poland, Romania, and Kazakhstan. The actor utilizes RDGA patterns to create over 2,600 domains, hosted on multiple dedicated IPs, and employs a cloaking service for validation checks on user leads. Their campaigns have included themes such as Baltic Pipe financial scams and spoofing well-known platforms like WhatsApp and Google Finance. The most prevalent campaign theme involves a spoofed news article from "Channel One" promoting the "GazInvest" platform with promises of high returns.
There are currently no families associated with this actor.
| 2025-04-28
⋅
Infoblox
⋅
Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams Reckless Rabbit Ruthless Rabbit |