{"id":6176,"date":"2021-03-29T11:10:13","date_gmt":"2021-03-29T18:10:13","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6176"},"modified":"2024-04-26T13:20:48","modified_gmt":"2024-04-26T20:20:48","slug":"malspam-campaign-delivers-burkina-trojan","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/","title":{"rendered":"Malspam Campaign Delivers Burkina Trojan"},"content":{"rendered":"<h3><strong>Author: Jeremy Ware<\/strong><\/h3>\n<h3><strong>TLP: WHITE\u00a0<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<h3>Overview<\/h3>\n<p>From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.<\/p>\n<h3>Customer Impact<\/h3>\n<p>Burkina infects a victim\u2019s computer and attempts to harvest credentials, interrupt standard processes, conceal network connections, and carry out other malicious actions. The malware then reaches out to a command and control (C&amp;C) server to receive additional instructions.<\/p>\n<p>The threat actor can use the stolen credentials to carry out additional malicious acts, including dropping a ransomware package or distributing additional payloads such as Trickbot.<sup>1<\/sup><\/p>\n<h3>Campaign Analysis<\/h3>\n<p>The campaign we observed delivered Burkina via spam emails. Both the subject line &#8211; <em>WG:Re:AG:Re:New order.<\/em> &#8211; and body &#8211; <em>See attached PDF<\/em> &#8211; of each message were identical. 
The emails carried a malicious EXE attachment masquerading as a PDF with the filename <em>SPL6677.pdf.exe<\/em>.<\/p>\n<h3>Attack Chain<\/h3>\n<p>Once the user opens the attached file, the executable will present the message \u201cSimpleGameLib has stopped working\u201d to the user.<\/p>\n<p>Burkina drops another executable file named <em>WerFault.exe<\/em> and updates the AutoRun Registry to include itself. It then attempts to harvest credentials and saved passwords once the user opens a browser. Finally, the malware attempts to connect to a C&#038;C server to receive further instructions as well as to exfiltrate the stolen data.<\/p>\n<h3>Vulnerabilities &#038; Mitigation<\/h3>\n<p>Infoblox recommends the following precautions to reduce the possibility of infection by Burkina:<\/p>\n<ul>\n<li>Be cautious of emails from unfamiliar senders and inspect unexpected attachments before opening them.<\/li>\n<li>Always be suspicious of vague emails, especially if there is a prompt to open an attachment or click on a URL or clickable text.<\/li>\n<li>Filter attachments to reduce the likelihood of malicious content reaching a user\u2019s workstation.<\/li>\n<li>Be aware of any attachment\u2019s file type and never open files that could be a script (.vbs, .cmd, .bat) or another executable (.<em>exe<\/em>).<\/li>\n<li>Ensure you read the file type correctly, as many threat actors will include a trusted file type description in the name (.pdf, .docx, .xls, etc.).<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/threat-intelligence-113.jpg\" alt=\"\" width=\"578\" height=\"794\" class=\"aligncenter size-full wp-image-6581\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/threat-intelligence-113.jpg 578w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/threat-intelligence-113-218x300.jpg 218w\" sizes=\"auto, (max-width: 578px) 100vw, 578px\" 
\/><\/p>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\" https:\/\/www.joesandbox.com\/analysis\/325825\/0\/html\"> https:\/\/www.joesandbox.com\/analysis\/325825\/0\/html<\/a>\/<\/li>\n<li><a href=\"https:\/\/howtofix.guide\/heur-msil-burkina-1\/\">https:\/\/howtofix.guide\/heur-msil-burkina-1<\/a>\/<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Jeremy Ware TLP: WHITE\u00a0 &nbsp; Overview From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email. Customer Impact Burkina infects a victim\u2019s computer and attempts to harvest credentials, interrupt standard processes, conceal network [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6724,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[553],"tags":[465,294,260],"class_list":{"0":"post-6176","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-campaign-briefs","8":"tag-burkina","9":"tag-malspam","10":"tag-trojan","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Malspam Campaign Delivers Burkina Trojan<\/title>\n<meta name=\"description\" content=\"Malspam Campaign Delivers Burkina Trojan. From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. 
First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malspam Campaign Delivers Burkina Trojan\" \/>\n<meta property=\"og:description\" content=\"Malspam Campaign Delivers Burkina Trojan. From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-29T18:10:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-04-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Malspam Campaign Delivers Burkina Trojan\",\"datePublished\":\"2021-03-29T18:10:13+00:00\",\"dateModified\":\"2024-04-26T20:20:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/\"},\"wordCount\":361,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-04-1.jpg\",\"keywords\":[\"Burkina\",\"Malspam\",\"Trojan\"],\"articleSection\":[\"Cyber Campaign Briefs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/\",\"name\":\"Malspam Campaign Delivers Burkina 
Trojan\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-04-1.jpg\",\"datePublished\":\"2021-03-29T18:10:13+00:00\",\"dateModified\":\"2024-04-26T20:20:48+00:00\",\"description\":\"Malspam Campaign Delivers Burkina Trojan. From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-04-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-04-1.jpg\",\"width\":612,\"height\":408,\"caption\":\"Hacked alert on the screen of smartphone on laptop computer. Skull of death on data flowing background. 
Selective focus on screen of the phone.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/malspam-campaign-delivers-burkina-trojan\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Campaign Briefs\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Malspam Campaign Delivers Burkina Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\
"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Malspam Campaign Delivers Burkina Trojan","description":"Malspam Campaign Delivers Burkina Trojan. From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. 
First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/","og_locale":"en_US","og_type":"article","og_title":"Malspam Campaign Delivers Burkina Trojan","og_description":"Malspam Campaign Delivers Burkina Trojan. From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/","og_site_name":"Infoblox Blog","article_published_time":"2021-03-29T18:10:13+00:00","article_modified_time":"2024-04-26T20:20:48+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-04-1.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Malspam Campaign Delivers Burkina Trojan","datePublished":"2021-03-29T18:10:13+00:00","dateModified":"2024-04-26T20:20:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/"},"wordCount":361,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-04-1.jpg","keywords":["Burkina","Malspam","Trojan"],"articleSection":["Cyber Campaign Briefs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/","name":"Malspam Campaign Delivers Burkina 
Trojan","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-04-1.jpg","datePublished":"2021-03-29T18:10:13+00:00","dateModified":"2024-04-26T20:20:48+00:00","description":"Malspam Campaign Delivers Burkina Trojan. From 21 to 23 March, we observed a malspam campaign distributing the Burkina trojan. First seen in October 2017, Burkina is a trojan distributed through executable (EXE) files sent via email.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-04-1.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-04-1.jpg","width":612,"height":408,"caption":"Hacked alert on the screen of smartphone on laptop computer. Skull of death on data flowing background. 
Selective focus on screen of the phone."},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/malspam-campaign-delivers-burkina-trojan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Campaign Briefs","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/cyber-campaign-briefs\/"},{"@type":"ListItem","position":4,"name":"Malspam Campaign Delivers Burkina Trojan"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat 
Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. 
In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6176"}],"version-history":[{"count":5,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6176\/revisions"}],"predecessor-version":[{"id":6582,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6176\/revisions\/6582"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6724"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}