{"id":5775,"date":"2020-12-16T09:15:29","date_gmt":"2020-12-16T17:15:29","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5775"},"modified":"2024-08-07T12:22:53","modified_gmt":"2024-08-07T19:22:53","slug":"lokibot-campaign-uses-microsoft-office-exploit","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-campaign-uses-microsoft-office-exploit\/","title":{"rendered":"Lokibot Campaign Uses Microsoft Office Exploit"},"content":{"rendered":"<p><strong>Author: Darby Wise<\/strong><\/p>\n<p><strong>TLP: WHITE<\/strong><\/p>\n<p>On 9 December, Infoblox observed a malicious email campaign exploiting CVE 2017-11882<sup>1<\/sup> to distribute LokiBot malware. This campaign used purchase order-themed lures to entice victims into downloading malicious Microsoft Excel (XLS) files.<\/p>\n<p>We have previously written several reports on LokiBot, including campaigns that used Coronavirus-themed lures, NGROK tunneling to download payloads, and malicious RTF files to infect victims.<sup>2,3,4<\/sup><\/p>\n<p>CVE 2017-11882, a stack buffer overflow vulnerability in the Microsoft Equation Editor, is commonly exploited by threat actors. This past week, we observed a number of similar campaigns that use this CVE in their attack chains and distribute malware such as Agent Tesla, Formbook and AveMaria.<\/p>\n<p>LokiBot is a popular information-stealing trojan first observed in 2015 and is frequently distributed through malspam campaigns. It is capable of harvesting the victim\u2019s login credentials, cryptocurrency wallets and other sensitive information through various methods such as keylogging. The malware then reports the stolen information to a command and control (C&amp;C) server.<sup>5<\/sup><\/p>\n<p>LokiBot is also capable of establishing backdoors that enable the attacker to install additional payloads.<\/p>\n<p>Threat actors used a common malspam theme referencing purchase orders in this campaign. 
Email subjects included <em>Purchase Order Confirmation for December 1st Lot<\/em> and <em>ORDER CONFIRMATION<\/em>. All of the emails contained an attached XLS file named <em>Purchase Order Confirmation.xlsx<\/em>. The email bodies were either empty or contained a short greeting such as \u201cDear All\u201d or \u201cGood day.\u201d<\/p>\n<p>Infoblox\u2019s full report on this campaign will be available soon on our <a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\">Threat Intelligence Reports<\/a> page.<\/p>\n<p><strong>Endnotes<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882<\/a><\/li>\n<li><a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--62\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--62<\/a><\/li>\n<li><a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--16\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--16<\/a><\/li>\n<li><a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--27\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--27<\/a><\/li>\n<li><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa20-266a\">https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa20-266a<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Darby Wise TLP: WHITE On 9 December, Infoblox observed a malicious email campaign exploiting CVE 2017-11882 to distribute LokiBot malware. This campaign used purchase order-themed lures to entice victims into downloading malicious Microsoft Excel (XLS) files. 
We have previously written several reports on LokiBot, including campaigns that used Coronavirus-themed lures, NGROK tunneling to download [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":3148,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[381,382,32,189],"class_list":{"0":"post-5775","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-exploit","9":"tag-lokibot","10":"tag-malware","11":"tag-cybersecurity","12":"entry"},"acf":[],"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5775"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5775\/revisions"}],"predecessor-version":[{"id":5777,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5775\/revisions\/5777"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/3148"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}