{"id":6625,"date":"2021-07-20T14:39:22","date_gmt":"2021-07-20T21:39:22","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6625"},"modified":"2024-04-26T13:20:31","modified_gmt":"2024-04-26T20:20:31","slug":"spoofed-kazakh-malspam-delivers-neshta-infostealer","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/","title":{"rendered":"Spoofed Kazakh Malspam Delivers Neshta Infostealer"},"content":{"rendered":"<h3><strong>Author: Shashank Jain<\/strong><\/h3>\n<h3><strong>TLP: WHITE<\/strong><\/h3>\n<p>From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.<\/p>\n<p>First observed in 2003 and previously associated with BlackPOS malware,<sup>1<\/sup> Neshta is still prevalent in the wild.<strong>\u00a0<\/strong><\/p>\n<p>The threat actors behind the latest variant of Neshta exploit CVE-2017-11882,<sup>2<\/sup> an old Microsoft Office memory corruption vulnerability that enables them to deliver the malware via email, web, or USB devices.<sup>3<\/sup><\/p>\n<p>This variant can capture keystrokes, mouse movements, clipboard contents, audio data captured by the microphone, and screen snapshots. It can also establish persistence by inserting itself into the system boot loader and modifying the system registry.<\/p>\n<p>A typical email from this campaign has the subject line \u201cWire Transfer 5100 Usd\u201d or \u201cRemittance Debit Note\u201d and includes a weaponized attachment, <em>bn.xlxs<\/em>.<\/p>\n<p>The sender information for the emails appears to belong to Shanyrak Management Company: a Kazakh company that specializes in agriculture. It is not clear whether the threat actors hijacked the company\u2019s email servers, or whether they found another way to mimic company messages.<\/p>\n<p>Infoblox\u2019s full report on this campaign will be available soon on our<a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\"> Threat Intelligence Reports<\/a> page.<strong>\u00a0<\/strong><\/p>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\"https:\/\/blogs.blackberry.com\/en\/2019\/10\/threat-spotlight-neshta-file-infector-endures\">https:\/\/blogs.blackberry.com\/en\/2019\/10\/threat-spotlight-neshta-file-infector-endures<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2017-11882\">https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2017-11882<\/a><\/li>\n<li><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/17-year-old-ms-office-flaw-cve-2017-11882-actively-exploited-in-the-wild\">https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/17-year-old-ms-office-flaw-cve-2017-11882-actively-exploited-in-the-wild<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Shashank Jain TLP: WHITE From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware. First observed in 2003 and previously associated with BlackPOS malware,1 Neshta is [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":4882,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[189,294,530],"class_list":{"0":"post-6625","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cybersecurity","9":"tag-malspam","10":"tag-neshta","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Spoofed Kazakh Malspam Delivers Neshta Infostealer<\/title>\n<meta name=\"description\" content=\"Spoofed Kazakh Malspam Delivers Neshta Infostealer. From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spoofed Kazakh Malspam Delivers Neshta Infostealer\" \/>\n<meta property=\"og:description\" content=\"Spoofed Kazakh Malspam Delivers Neshta Infostealer. From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-20T21:39:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"383\" \/>\n\t<meta property=\"og:image:height\" content=\"254\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Spoofed Kazakh Malspam Delivers Neshta Infostealer\",\"datePublished\":\"2021-07-20T21:39:22+00:00\",\"dateModified\":\"2024-04-26T20:20:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/\"},\"wordCount\":243,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"keywords\":[\"Cybersecurity\",\"Malspam\",\"neshta\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/\",\"name\":\"Spoofed Kazakh Malspam Delivers Neshta Infostealer\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"datePublished\":\"2021-07-20T21:39:22+00:00\",\"dateModified\":\"2024-04-26T20:20:31+00:00\",\"description\":\"Spoofed Kazakh Malspam Delivers Neshta Infostealer. From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg\",\"width\":383,\"height\":254},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/spoofed-kazakh-malspam-delivers-neshta-infostealer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Spoofed Kazakh Malspam Delivers Neshta Infostealer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Spoofed Kazakh Malspam Delivers Neshta Infostealer","description":"Spoofed Kazakh Malspam Delivers Neshta Infostealer. From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/","og_locale":"en_US","og_type":"article","og_title":"Spoofed Kazakh Malspam Delivers Neshta Infostealer","og_description":"Spoofed Kazakh Malspam Delivers Neshta Infostealer. From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/","og_site_name":"Infoblox Blog","article_published_time":"2021-07-20T21:39:22+00:00","article_modified_time":"2024-04-26T20:20:31+00:00","og_image":[{"width":383,"height":254,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Spoofed Kazakh Malspam Delivers Neshta Infostealer","datePublished":"2021-07-20T21:39:22+00:00","dateModified":"2024-04-26T20:20:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/"},"wordCount":243,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","keywords":["Cybersecurity","Malspam","neshta"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/","name":"Spoofed Kazakh Malspam Delivers Neshta Infostealer","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","datePublished":"2021-07-20T21:39:22+00:00","dateModified":"2024-04-26T20:20:31+00:00","description":"Spoofed Kazakh Malspam Delivers Neshta Infostealer. From 5 to 15 March, Infoblox observed a malspam campaign distributing Neshta malware. Neshta is a computer virus that steals sensitive data by injecting malicious code into target executable files. Neshta is also capable of downloading other malware.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","width":383,"height":254},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/spoofed-kazakh-malspam-delivers-neshta-infostealer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Spoofed Kazakh Malspam Delivers Neshta Infostealer"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6625"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6625\/revisions"}],"predecessor-version":[{"id":6627,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6625\/revisions\/6627"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/4882"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}