{"id":6357,"date":"2021-05-18T10:39:00","date_gmt":"2021-05-18T17:39:00","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6357"},"modified":"2024-04-26T13:20:41","modified_gmt":"2024-04-26T20:20:41","slug":"biotech-themed-malspam-drops-bitrat","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/biotech-themed-malspam-drops-bitrat\/","title":{"rendered":"Biotech-Themed Malspam Drops BitRAT"},"content":{"rendered":"<h3><strong>Author: Yadu Nadh<\/strong><\/h3>\n<h3><strong>TLP: WHITE<\/strong><\/h3>\n<h3>Overview<\/h3>\n<p>On 10 May, Infoblox observed a malicious email campaign using weaponized Microsoft Excel spreadsheets (XLS) that exploit CVE-2017-11882<sup>1<\/sup> to deliver BitRAT, a remote access trojan (RAT).<\/p>\n<h3>Customer Impact<\/h3>\n<p>BitRAT, first observed in late 2020, is a newcomer to the malware scene. Poor coding practices found within the malware signal inexperience on the part of the developers, as large sections of the code appear to be copied and pasted from another trojan called TinyNuke, as well as from a variety of open source projects.<sup>2<\/sup><\/p>\n<p>Threat actors can purchase this malware on popular underground forums and have been observed distributing it via malicious XLS attachments in malspam.<\/p>\n<p>BitRAT\u2019s known capabilities include:<\/p>\n<ul>\n<li>SSL encryption,<\/li>\n<li>Cryptocurrency mining,<\/li>\n<li>Activating webcams,<\/li>\n<li>Keylogging,<\/li>\n<li>Downloading\/uploading files,<\/li>\n<li>Controlling the victim\u2019s machine remotely, and<\/li>\n<li>Communicating via TOR.<sup>3<\/sup><\/li>\n<\/ul>\n<h3>Campaign Analysis<\/h3>\n<p>In this campaign, threat actors used a biotechnology theme with the subject line <em>new deal for Biotechnologyinc-CN#324708.<\/em> The emails contained a message body referencing a \u201cnew deal\u201d to lure unsuspecting users into downloading and opening the attachment, 
named <em>Biotechnologyinc-CN#324708.xlsx.<\/em><\/p>\n<h3>Attack Chain<\/h3>\n<p>Once the victim opens the attached XLS sheet, the file exploits CVE-2017-11882, a memory corruption vulnerability in Microsoft Office\u2019s Equation Editor.<\/p>\n<p>The file then downloads and executes the payload from <em>hxxp:\/\/maqboolimpex[.]co\/a1\/C3b[.]exe<\/em>. The downloaded binary in this case is a .NET crypter containing BitRAT as its payload.<\/p>\n<p>On execution, the binary establishes persistence via Windows Task Scheduler and then initiates communication with its command and control (C&#038;C). Once it establishes C&#038;C communication, BitRAT begins its post-infection activity.<\/p>\n<h3>Vulnerabilities &#038; Mitigation<\/h3>\n<p>Malspam email campaigns are a common distribution method for malware. Infoblox therefore recommends the following precautions to reduce the possibility of infection:<\/p>\n<ul>\n<li>Always be suspicious of unexpected emails, especially those regarding financial or delivery correspondence, documents, or links.<\/li>\n<li>Exercise caution if it is necessary to open emails with generic subject lines.<\/li>\n<li>Do not enable macros in Microsoft Office attachments, especially if the file\u2019s only apparent contents are directions to enable macros.<\/li>\n<li>Never configure Microsoft Office to enable macros by default. 
Many malware families use macros as an infection vector.<\/li>\n<li>Verify important or potentially legitimate attachments with the sender via alternative means (e.g., by phone or in person) before opening them.<\/li>\n<\/ul>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882<\/a><\/li>\n<li><a href=\"https:\/\/krabsonsecurity.com\/2020\/08\/22\/bitrat-the-latest-in-copy-pasted-malware-by-incompetent-developers\/\">https:\/\/krabsonsecurity.com\/2020\/08\/22\/bitrat-the-latest-in-copy-pasted-malware-by-incompetent-developers\/<\/a><\/li>\n<li><a href=\"https:\/\/research.checkpoint.com\/2021\/apomacrosploit-apocalyptical-fud-race\/\">https:\/\/research.checkpoint.com\/2021\/apomacrosploit-apocalyptical-fud-race\/<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Yadu Nadh TLP: WHITE Overview On 10 May, Infoblox observed a malicious email campaign that used weaponized Microsoft Excel spreadsheets (XLS) that exploited CVE-2017-11882 to deliver BitRAT, a remote access trojan (RAT). Customer Impact BitRAT, first observed in late 2020, is a newcomer to the malware scene. 
Poor coding practices found within the [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6719,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[553],"tags":[501,500,346,294],"class_list":{"0":"post-6357","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-campaign-briefs","8":"tag-biotech","9":"tag-bitrat","10":"tag-healthcare","11":"tag-malspam","12":"entry"},"acf":[],"yoast_head_json":{"title":"Biotech-Themed Malspam Drops BitRAT","article_published_time":"2021-05-18T17:39:00+00:00","article_modified_time":"2024-04-26T20:20:41+00:00","author":"Infoblox Threat Intel"}}