{"version":"1.0","provider_name":"Infoblox Blog","provider_url":"https:\/\/www.infoblox.com\/blog","author_name":"Infoblox Threat Intel","author_url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/","title":"Fake Kaseya Patch Malspam Campaign","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"QGH6lTHBER\"><a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/fake-kaseya-patch-malspam-campaign\/\">Fake Kaseya Patch Malspam Campaign<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/fake-kaseya-patch-malspam-campaign\/embed\/#?secret=QGH6lTHBER\" width=\"600\" height=\"338\" title=\"&#8220;Fake Kaseya Patch Malspam Campaign&#8221; &#8212; Infoblox Blog\" data-secret=\"QGH6lTHBER\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.infoblox.com\/blog\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg","thumbnail_width":613,"thumbnail_height":343,"description":"Fake Kaseya Patch Malspam Campaign. On 6 July, we observed a malspam campaign that was distributing an executable file containing Cobalt Strike: a legitimate, commercially available penetration-testing tool frequently abused by threat actors. Taking advantage of the recent ransomware attack on users of Kaseya\u2019s remote monitoring and management service VSA, the campaign attempts to get its targets to download and run a file that it claims is the update meant to patch a recently exploited vulnerability in VSA."}