{"id":5258,"date":"2020-06-08T17:32:44","date_gmt":"2020-06-09T00:32:44","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5258"},"modified":"2024-04-26T13:21:24","modified_gmt":"2024-04-26T20:21:24","slug":"new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/","title":{"rendered":"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints"},"content":{"rendered":"<p>Authors: Jon Armer, Ren\u00e9e Burton, Minh Hoang, Vadym Tymchenko<br \/>\nTLP:WHITE<\/p>\n<p>From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop. It can also exfiltrate the system\u2019s software installation and configuration information, which gives an attacker the ability to further exploit the compromised machine. The malware is advertised to work in both Google Chrome and Gecko-based browsers, and designed not to launch in certain countries that were formerly part of the Soviet Union.<\/p>\n<p>Authors of the Predator the Thief infostealer promoted the new software in Russian hacker forums in early April 2020. These threat actors disavowed any connection to its development or sale, and further indicated that Predator was \u201cclosed\u201d and presumably no longer for sale. Infoblox\u2019s research and analysis found noticeable similarities between the two malware, including similar lures, command and control (C2) servers, etc. We have previously written Cyber Campaign Briefs on Predator the Thief.<\/p>\n<p>All of the specific Taurus Project campaigns we analyzed share a number of overlapping similarities that indicate they originate from the same threat actor, despite differences in certain aspects such as subject lines, sender names, and the type of lure used. Our analysis indicates this actor is maturing their deployment process, so we expect to see more campaigns delivering Taurus Project in the future.<\/p>\n<p>The campaigns we observed were widespread and consisted of emails with subject lines that initially urged the recipient to open the enclosed attachment, then later changed to lures that refer to an agreement or include some form of threat of legal action. In our final example, they masqueraded as eBay. The attacks targeted a range of industry sectors, including finance and home goods.<\/p>\n<p>The emails were all in English, though they showed signs of automatically generated content and translation software typical of hackers operating outside of their native language. All of the emails are in HTML format, which is rendered by default in most email clients.<\/p>\n<p>Across the campaigns, we observed the actor adjusting their deployment methods. They initially used a\u00a0single attached document and later used embedded URLs in the bodies of the emails. We were able to connect the campaigns to a single infrastructure through several means.<\/p>\n<p>Infoblox\u2019s full report on this campaign will be available soon on our<a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\"> Threat Intelligence Reports<\/a> page.<\/p>\n<p><strong>Endnotes<\/strong><\/p>\n<p><a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--55\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence&#8211;55<\/a><\/p>\n<p><a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--50\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence&#8211;50<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authors: Jon Armer, Ren\u00e9e Burton, Minh Hoang, Vadym Tymchenko TLP:WHITE From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":4338,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[189,32,40],"class_list":{"0":"post-5258","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cybersecurity","9":"tag-malware","10":"tag-threat-intelligence","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints<\/title>\n<meta name=\"description\" content=\"From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints\" \/>\n<meta property=\"og:description\" content=\"From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-09T00:32:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:21:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"613\" \/>\n\t<meta property=\"og:image:height\" content=\"343\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints\",\"datePublished\":\"2020-06-09T00:32:44+00:00\",\"dateModified\":\"2024-04-26T20:21:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/\"},\"wordCount\":457,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cybersecurity-featured-image.jpg\",\"keywords\":[\"Cybersecurity\",\"Malware\",\"Threat Intelligence\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/\",\"name\":\"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cybersecurity-featured-image.jpg\",\"datePublished\":\"2020-06-09T00:32:44+00:00\",\"dateModified\":\"2024-04-26T20:21:24+00:00\",\"description\":\"From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cybersecurity-featured-image.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cybersecurity-featured-image.jpg\",\"width\":613,\"height\":343},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints","description":"From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/","og_locale":"en_US","og_type":"article","og_title":"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints","og_description":"From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/","og_site_name":"Infoblox Blog","article_published_time":"2020-06-09T00:32:44+00:00","article_modified_time":"2024-04-26T20:21:24+00:00","og_image":[{"width":613,"height":343,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints","datePublished":"2020-06-09T00:32:44+00:00","dateModified":"2024-04-26T20:21:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/"},"wordCount":457,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg","keywords":["Cybersecurity","Malware","Threat Intelligence"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/","name":"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg","datePublished":"2020-06-09T00:32:44+00:00","dateModified":"2024-04-26T20:21:24+00:00","description":"From 20 May through 6 June, Infoblox observed a series of large malicious spam (malspam) campaigns distributing a new malware available on the dark web, coined Taurus Project by its developers. It is advertised in Russian forums as an information stealer (infostealer) with a wide array of capabilities, including stealing VPN, social media, and cryptocurrency credentials; and taking screenshots of the victim\u2019s desktop.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cybersecurity-featured-image.jpg","width":613,"height":343},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/new-malware-variant-project-taurus-infostealer-follows-in-predator-the-thiefs-footprints\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"New Malware Variant: Project Taurus Infostealer Follows in Predator the Thief\u2019s Footprints"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5258"}],"version-history":[{"count":5,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5258\/revisions"}],"predecessor-version":[{"id":5313,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5258\/revisions\/5313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/4338"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}