RAM Scrape (Memory-Scraping): The process of scanning (or, colloquially, scraping) random access memory (RAM) to recover data. In the case of malware, it is looking for sensitive data to send back home to its C&C system. This is fruitful because data is traditionally held in RAM in cleartext. The opportunity usually exists only for a very small fraction of a second (milliseconds), during which time the malware snags the data and stores it for later exfiltration.
Ransomware : A type of malware that encrypts user data and demands payment to release that data.
RBL (Real-time Blackhole List): See: DNSBL
Registrar : An organization that manages the reservation of Domain Names.
Remote Administration Tool / Remote Access Trojan (RAT): A Trojan used to open a hole in a victim's attack surface and allow for the remote access and administration of a victim's systems.
Resource Record : The basic informational building block of DNS. Resource records contain information that associates FQDNs with IP addresses, and break this information up across several record types. These types are defined in RFCs 1035, 1183, 1664, 2782, 2915, and 3596; a brief listing of the type codes and their associated types is provided to the right. DNS servers refresh the records for their particular type throughout the day, which helps to account for changes in the IP addresses associated with given FQDNs. In addition, servers are dedicated to particular record types, which helps to alleviate the traffic congestion (caused by server requests) that can slow down network traffic.
Record entries all contain the data in the table below, with additional fields defined based on the record type.
| Field | Description | Size (bytes) |
|---|---|---|
| NAME | Node name provided by the record | Variable |
| TYPE | Numerical representation of the type of RR (e.g. 1 for A RRs) | 2 |
| CLASS | The class code of an RR | 2 |
| TTL | Number of seconds the RR stays valid (max is 2^31-1, about 68 years) | 4 |
| RDLENGTH | Length of the RDATA field | 2 |
| RDATA | Any RR-specific data that complements the above | Variable, per RDLENGTH |
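As an added example (not part of the original glossary), the following Python reads one resource record off the wire exactly as the table lays it out: a NAME (which RFC 1035 allows to be a compression pointer back into the message), the fixed TYPE/CLASS/TTL/RDLENGTH fields, then RDLENGTH bytes of RDATA. The sample message is constructed, using the RFC 5737 documentation address 192.0.2.1, and the parser refuses truncated RDATA and pointer loops, two malformed-input cases a resolver or IDS parser has to survive.

```python
import struct

# Constructed sample message (not a real capture): an empty 12-byte header,
# a question for example.com, then one A record whose NAME is a compression
# pointer (0xC00C) back to the question name at offset 12.
HEADER = b"\x00" * 12
QUESTION = b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
SAMPLE = HEADER + QUESTION + ANSWER
ANSWER_OFFSET = len(HEADER) + len(QUESTION)

def read_name(msg, offset, max_jumps=16):
    """Decode a label sequence, following compression pointers (RFC 1035 4.1.4).
    Returns (dotted name, offset of the byte after the name as it appeared)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # two-byte pointer: 11xxxxxx xxxxxxxx
            if end is None:
                end = offset + 2
            jumps += 1
            if jumps > max_jumps:            # defend against pointer loops
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            return ".".join(labels) or ".", (end if end is not None else offset + 1)
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_rr(msg, offset):
    """Parse one RR: NAME, then the fixed TYPE/CLASS/TTL/RDLENGTH fields, then RDATA."""
    name, offset = read_name(msg, offset)
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlength]
    if len(rdata) != rdlength:               # RDLENGTH must not run past the message
        raise ValueError("truncated RDATA")
    if ttl > 0x7FFFFFFF:                     # MSB set: treat as 0 (RFC 2181 section 8)
        ttl = 0
    rr = {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}
    if rtype == 1 and rdlength == 4:         # A record: RDATA is an IPv4 address
        rr["address"] = ".".join(str(b) for b in rdata)
    return rr, offset + rdlength

if __name__ == "__main__":
    print(parse_rr(SAMPLE, ANSWER_OFFSET)[0])
```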
RFC1918 : IP Addresses designated as a reserved range for internal networks (Class C networks: 192.168.0.0 - 192.168.255.255). Internal IP addresses cannot be used as an address in ThreatSTOP.
Rootkit : A piece of software that hides on a machine and gives a remote user (in control of a C&C system) root/admin privileges on a compromised computer.
Response Policy Zone (RPZ): A mechanism for use by Domain Name System recursive resolvers to allow customized handling of the resolution of collections of domain name information (zones).
Round-robin DNS : A technique of load distribution, balancing, or fault-tolerance using multiple redundant IP service hosts. The term comes from the order in which the IP addresses in the list are returned: with each DNS response, the order of the addresses is permuted.
Russian Business Network (RBN): A cybercrime organization specializing in personal identity theft. Originated as an ISP for child porn, phishing, spam, and malware distribution, based out of St. Petersburg (Russia). Behind Malware Alarm and Malware Wiper.