{"id":5546,"date":"2020-09-16T12:42:49","date_gmt":"2020-09-16T19:42:49","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5546"},"modified":"2024-04-26T13:21:15","modified_gmt":"2024-04-26T20:21:15","slug":"raccoon-infostealer-malspam-campaign","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/","title":{"rendered":"Raccoon InfoStealer Malspam Campaign"},"content":{"rendered":"<p><strong>Author: Nick Sundvall<\/strong><\/p>\n<p><strong>TLP: WHITE<\/strong><\/p>\n<p>On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.<sup>1<\/sup><\/p>\n<p>Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.<sup>2<\/sup> Although it has relatively basic features, it is effective and affordable.<\/p>\n<p>Threat actors can reportedly purchase Raccoon from online forums for $75, a reportedly lower-than-average price for similar types of malware.<sup>3<\/sup> Raccoon is a Malware-As-A-Service (MaaS) that allows buyers to receive software updates and support from the sellers.<\/p>\n<p>In this campaign, the threat actor sent emails with the vague subject <em>Purchase Order<\/em>. 
The emails contained a message body beginning \u201cDear Sir, Pls find enclosed our new purchase order for your reference.\u201d Each email had an attached file named <em>Purchase Order.xlsx<\/em>.<\/p>\n<p>Infoblox\u2019s full report on this campaign will be available soon on our <a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\">Threat Intelligence Reports<\/a> page.<\/p>\n<p><strong>Endnotes<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/www.cyberark.com\/resources\/threat-research-blog\/raccoon-the-story-of-a-typical-infostealer\">https:\/\/www.cyberark.com\/resources\/threat-research-blog\/raccoon-the-story-of-a-typical-infostealer<\/a><\/li>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/raccoon-stealers-abuse-of-google-cloudservices- and-multiple-delivery-techniques\/\">https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/raccoon-stealers-abuse-of-google-cloudservices- and-multiple-delivery-techniques\/<\/a><\/li>\n<li><a href=\"https:\/\/www.cyberark.com\/resources\/threat-research-blog\/raccoon-the-story-of-a-typical-infostealer\">https:\/\/www.cyberark.com\/resources\/threat-research-blog\/raccoon-the-story-of-a-typical-infostealer<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Nick Sundvall TLP: WHITE On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. 
Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1 Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":4882,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[189,299,294,32,318,319],"class_list":{"0":"post-5546","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cybersecurity","9":"tag-infostealer","10":"tag-malspam","11":"tag-malware","12":"tag-raccoon","13":"tag-racealer","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Raccoon InfoStealer Malspam Campaign<\/title>\n<meta name=\"description\" content=\"On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. 
Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective and affordable.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Raccoon InfoStealer Malspam Campaign\" \/>\n<meta property=\"og:description\" content=\"On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective and affordable.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-16T19:42:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:21:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"383\" \/>\n\t<meta property=\"og:image:height\" content=\"254\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" 
content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Raccoon InfoStealer Malspam Campaign\",\"datePublished\":\"2020-09-16T19:42:49+00:00\",\"dateModified\":\"2024-04-26T20:21:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/\"},\"wordCount\":177,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"keywords\":[\"Cybersecurity\",\"infostealer\",\"Malspam\",\"Malware\",\"raccoon\",\"racealer\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/\",\"name\":\"Raccoon InfoStealer Malspam 
Campaign\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"datePublished\":\"2020-09-16T19:42:49+00:00\",\"dateModified\":\"2024-04-26T20:21:15+00:00\",\"description\":\"On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective and 
affordable.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"width\":383,\"height\":254},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/raccoon-infostealer-malspam-campaign\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Raccoon InfoStealer Malspam 
Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat 
intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Raccoon InfoStealer Malspam Campaign","description":"On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective and affordable.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/","og_locale":"en_US","og_type":"article","og_title":"Raccoon InfoStealer Malspam Campaign","og_description":"On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. 
Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective and affordable.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/","og_site_name":"Infoblox Blog","article_published_time":"2020-09-16T19:42:49+00:00","article_modified_time":"2024-04-26T20:21:15+00:00","og_image":[{"width":383,"height":254,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Raccoon InfoStealer Malspam Campaign","datePublished":"2020-09-16T19:42:49+00:00","dateModified":"2024-04-26T20:21:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/"},"wordCount":177,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","keywords":["Cybersecurity","infostealer","Malspam","Malware","raccoon","racealer"],"articleSection":["Infoblox Threat 
Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/","name":"Raccoon InfoStealer Malspam Campaign","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","datePublished":"2020-09-16T19:42:49+00:00","dateModified":"2024-04-26T20:21:15+00:00","description":"On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.1Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.2 Although it has relatively basic features, it is effective and 
affordable.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","width":383,"height":254},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/raccoon-infostealer-malspam-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Raccoon InfoStealer Malspam 
Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. 
DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5546"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5546\/revisions"}],"predecessor-version":[{"id":5547,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5546\/revisions\/5547"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/4882"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}