{"id":6365,"date":"2021-05-27T08:48:18","date_gmt":"2021-05-27T15:48:18","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6365"},"modified":"2024-04-26T13:20:40","modified_gmt":"2024-04-26T20:20:40","slug":"graftor-adware-still-circulating","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/","title":{"rendered":"Graftor Adware Still Circulating"},"content":{"rendered":"<h3><strong>Author: Nathan Toporek<\/strong><\/h3>\n<h3><strong>TLP: WHITE<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<h3>Overview<\/h3>\n<p>On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.<\/p>\n<h3>Customer Impact<\/h3>\n<p>Graftor, a.k.a LoadMoney, is a family of adware that has been used by threat actors for more than nine years.<sup>1<\/sup> Once a victim is infected, it will install unwanted software on their machine.<\/p>\n<p>While our samples no longer fully executed, past versions of Graftor were capable of browser hijacking, injecting advertising banners, installing other unwanted applications, changing a user\u2019s homepage and search provider, and launching other adware. They also had anti-detection capabilities such as antivirus and sandbox detection.<sup>2<\/sup><strong>\u00a0<\/strong><\/p>\n<h3>Campaign Analysis<\/h3>\n<p>Over the years, threat actors have distributed Graftor via malicious spam emails, as well as via free software (freeware) installers.<sup>3<\/sup><\/p>\n<p>In this campaign, threat actor(s) used a subject line of <em>RE:Fwd: REQUOTE PENDING ORDER<\/em> to lure victims to open the email. Individual messages were empty, but all emails had a malicious attachment named <em>INVOCE#4587.xlsx<\/em>.<\/p>\n<h3>Attack Chain<\/h3>\n<p>When the victim opens the file attachment it will exploit CVE-11882 to download and execute the Graftor binary.<\/p>\n<h3>Vulnerabilities &#038; Mitigation<\/h3>\n<p>This campaign relies on both social engineering tactics and software exploits to infect victims with Graftor malware. As such, Infoblox recommends the following precautions:<\/p>\n<ul>\n<li>Keep computers and all endpoints up-to-date with the latest security patches to block known vulnerabilities that could be targeted by threat actors. <\/li>\n<li>Regularly train users about potential phishes and how to handle them appropriately.<\/li>\n<li>Implement attachment filtering to reduce the likelihood of malicious content reaching a user\u2019s workstation.<\/li>\n<li>Do not open attachments that are unexpected or from unfamiliar senders.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/threat-intelligence-122.jpg\" alt=\"\" width=\"630\" height=\"458\" class=\"aligncenter size-full wp-image-6552\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/threat-intelligence-122.jpg 630w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/threat-intelligence-122-300x218.jpg 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/p>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\"https:\/\/hotforsecurity.bitdefender.com\/blog\/adware-shifts-focus-from-advertising-to-data-harvesting-2942.html\">https:\/\/hotforsecurity.bitdefender.com\/blog\/adware-shifts-focus-from-advertising-to-data-harvesting-2942.html<\/a><\/li>\n<li><a href=\"https:\/\/blog.talosintelligence.com\/2017\/09\/graftor-but-i-never-asked-for-this.html\">https:\/\/blog.talosintelligence.com\/2017\/09\/graftor-but-i-never-asked-for-this.html<\/a><\/li>\n<li><a href=\"https:\/\/blog.talosintelligence.com\/2017\/09\/graftor-but-i-never-asked-for-this.html\">https:\/\/blog.talosintelligence.com\/2017\/09\/graftor-but-i-never-asked-for-this.html<\/a><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Author: Nathan Toporek TLP: WHITE &nbsp; Overview On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet. Customer Impact Graftor, a.k.a LoadMoney, is a family of adware that has been used by [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6718,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[553],"tags":[505,504,366],"class_list":{"0":"post-6365","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-campaign-briefs","8":"tag-adware","9":"tag-graftor","10":"tag-spam","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Graftor Adware Still Circulating<\/title>\n<meta name=\"description\" content=\"Graftor Adware Still Circulating. On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Graftor Adware Still Circulating\" \/>\n<meta property=\"og:description\" content=\"Graftor Adware Still Circulating. On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-27T15:48:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-11.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"405\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Graftor Adware Still Circulating\",\"datePublished\":\"2021-05-27T15:48:18+00:00\",\"dateModified\":\"2024-04-26T20:20:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/\"},\"wordCount\":313,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-11.jpg\",\"keywords\":[\"adware\",\"Graftor\",\"spam\"],\"articleSection\":[\"Cyber Campaign Briefs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/\",\"name\":\"Graftor Adware Still Circulating\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-11.jpg\",\"datePublished\":\"2021-05-27T15:48:18+00:00\",\"dateModified\":\"2024-04-26T20:20:40+00:00\",\"description\":\"Graftor Adware Still Circulating. On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-11.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-11.jpg\",\"width\":612,\"height\":405,\"caption\":\"Press enter button on the keyboard computer Shield cyber Key lock security system abstract technology world digital link cyber security on hi tech Dark blue background, Enter password to log in. lock finger Keyboard\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/graftor-adware-still-circulating\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Campaign Briefs\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Graftor Adware Still Circulating\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Graftor Adware Still Circulating","description":"Graftor Adware Still Circulating. On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/","og_locale":"en_US","og_type":"article","og_title":"Graftor Adware Still Circulating","og_description":"Graftor Adware Still Circulating. On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/","og_site_name":"Infoblox Blog","article_published_time":"2021-05-27T15:48:18+00:00","article_modified_time":"2024-04-26T20:20:40+00:00","og_image":[{"width":612,"height":405,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-11.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Graftor Adware Still Circulating","datePublished":"2021-05-27T15:48:18+00:00","dateModified":"2024-04-26T20:20:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/"},"wordCount":313,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-11.jpg","keywords":["adware","Graftor","spam"],"articleSection":["Cyber Campaign Briefs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/","name":"Graftor Adware Still Circulating","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-11.jpg","datePublished":"2021-05-27T15:48:18+00:00","dateModified":"2024-04-26T20:20:40+00:00","description":"Graftor Adware Still Circulating. On May 21 Infoblox observed a malicious spam campaign delivering Graftor malware via malicious file attachments. The threat actor(s) used a generic Invoice theme to lure victims into opening a weaponized Excel Spreadsheet.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-11.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-11.jpg","width":612,"height":405,"caption":"Press enter button on the keyboard computer Shield cyber Key lock security system abstract technology world digital link cyber security on hi tech Dark blue background, Enter password to log in. lock finger Keyboard"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/graftor-adware-still-circulating\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Campaign Briefs","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/cyber-campaign-briefs\/"},{"@type":"ListItem","position":4,"name":"Graftor Adware Still Circulating"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6365"}],"version-history":[{"count":5,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6365\/revisions"}],"predecessor-version":[{"id":6553,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6365\/revisions\/6553"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6718"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}