{"id":5765,"date":"2020-12-10T21:48:16","date_gmt":"2020-12-11T05:48:16","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5765"},"modified":"2024-04-26T13:21:04","modified_gmt":"2024-04-26T20:21:04","slug":"malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/","title":{"rendered":"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware"},"content":{"rendered":"<p><strong>Author: James Barnett<\/strong><\/p>\n<p><strong>TLP: WHITE<\/strong><\/p>\n<p>Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.<\/p>\n<p>Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.<\/p>\n<p>We wrote about a previous Hancitor campaign in April 2020.<sup>1<\/sup> While many of Hancitor\u2019s core characteristics have remained the same, this recent series of campaigns includes a slightly more complex attack chain and delivers different types of malware payloads after establishing the initial Hancitor infection.<\/p>\n<p>The emails in these campaigns used a DocuSign lure to entice targets into opening links in the messages. The subject lines of the messages indicated that the target had a pending invoice or notification from DocuSign. Each email contained an embedded link leading to a Google Docs file.<\/p>\n<p>Infoblox\u2019s full report on this campaign will be available soon on our <a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\">Threat Intelligence Reports<\/a> page.<\/p>\n<p><strong>Endnotes<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--69\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence&#8211;69<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: James Barnett TLP: WHITE Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader. Hancitor is a trojan downloader that targets businesses and individuals [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":2779,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[377,376,294,32],"class_list":{"0":"post-5765","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-docusign","9":"tag-hancitor","10":"tag-malspam","11":"tag-malware","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware<\/title>\n<meta name=\"description\" content=\"Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware\" \/>\n<meta property=\"og:description\" content=\"Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-11T05:48:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:21:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware\",\"datePublished\":\"2020-12-11T05:48:16+00:00\",\"dateModified\":\"2024-04-26T20:21:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/\"},\"wordCount\":223,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg\",\"keywords\":[\"docusign\",\"Hancitor\",\"Malspam\",\"Malware\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/\",\"name\":\"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg\",\"datePublished\":\"2020-12-11T05:48:16+00:00\",\"dateModified\":\"2024-04-26T20:21:04+00:00\",\"description\":\"Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg\",\"width\":660,\"height\":454,\"caption\":\"Tell Us What You Really Think: Introducing the Infoblox Technical Advisory Boards\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware","description":"Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/","og_locale":"en_US","og_type":"article","og_title":"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware","og_description":"Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/","og_site_name":"Infoblox Blog","article_published_time":"2020-12-11T05:48:16+00:00","article_modified_time":"2024-04-26T20:21:04+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware","datePublished":"2020-12-11T05:48:16+00:00","dateModified":"2024-04-26T20:21:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/"},"wordCount":223,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg","keywords":["docusign","Hancitor","Malspam","Malware"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/","name":"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg","datePublished":"2020-12-11T05:48:16+00:00","dateModified":"2024-04-26T20:21:04+00:00","description":"Between 23 November and 8 December, Infoblox observed multiple malicious spam (malspam) campaigns that all used DocuSign-themed lures to entice users to download and open Microsoft Word documents with malicious macros that install embedded copies of the Hancitor trojan downloader.Hancitor is a trojan downloader that targets businesses and individuals around the world. It is distributed via malspam sent by compromised servers in many countries, including the United States, Japan and Canada. These malicious emails mimic notifications from legitimate organizations to entice the user to download a weaponized Microsoft Office document.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Tell-Us-What-You-Really-Think-Introducing-the-Infoblox-Technical-Advisory-Boards.jpg","width":660,"height":454,"caption":"Tell Us What You Really Think: Introducing the Infoblox Technical Advisory Boards"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malspam-spoofing-document-signing-software-notifications-deliver-hancitor-downloader-and-follow-on-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Malspam Spoofing Document Signing Software Notifications Deliver Hancitor Downloader and Follow-On Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5765"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5765\/revisions"}],"predecessor-version":[{"id":5766,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5765\/revisions\/5766"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2779"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}