{"version":"1.0","provider_name":"Infoblox Blog","provider_url":"https:\/\/www.infoblox.com\/blog","author_name":"Infoblox Threat Intel","author_url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/","title":"AZORult Infostealer","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"gypRT8aHMp\"><a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/azorult-infostealer\/\">AZORult Infostealer<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/azorult-infostealer\/embed\/#?secret=gypRT8aHMp\" width=\"600\" height=\"338\" title=\"&#8220;AZORult Infostealer&#8221; &#8212; Infoblox Blog\" data-secret=\"gypRT8aHMp\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.infoblox.com\/blog\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/september1-1-1.jpg","thumbnail_width":660,"thumbnail_height":454,"description":"From 3 to 4 November, Infoblox observed fashion and beauty-themed malicious spam (malspam) campaigns that delivered AZORult information stealer (infostealer) via Microsoft Excel spreadsheets (XLS) with malicious macros. These spreadsheets used living off the land (LotL) techniques that abused preexisting software on the victim\u2019s machine in order to perform malicious tasks."}