Source: New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)

Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion.

"Decoy Dog is a cohesive toolkit with a number of highly unusual characteristics that make it uniquely identifiable, particularly when examining its domains on a DNS level," Infoblox said in an advisory published late last month.

One of the chief components of the toolkit is Pupy RAT, an open source trojan that's delivered by means of a method called DNS tunneling, in which DNS queries and responses are used as a C2 for stealthily dropping payloads.

It's worth noting that the use of the cross-platform Pupy RAT has been linked to nation-state actors from China such as Earth Berberoka (aka GamblingPuppet) in the past, although there's no evidence to suggest the actor's involvement in this campaign.