Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams
ID: c9a3bae7-71df-5c7a-912b-1eafd7be1c69
STIX ID: report--c9a3bae7-71df-5c7a-912b-1eafd7be1c69
Feed Name: Infoblox Threat Intel Blog
This report analyzes large-scale investment scam campaigns that use fake ‘profit platforms’ and social-media ads to harvest victims’ personal and financial information. It profiles two actors (Reckless Rabbit and Ruthless Rabbit) and describes their techniques: registered domain generation algorithms (RDGAs), traffic distribution systems (TDS), cloaking/validation APIs, wildcard DNS and decoy pages. It also provides domain/IP/URL indicators and behavioral patterns to help detect and block the infrastructure.
