{"id":6765,"date":"2021-07-28T13:30:48","date_gmt":"2021-07-28T20:30:48","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6765"},"modified":"2024-04-26T13:20:28","modified_gmt":"2024-04-26T20:20:28","slug":"purchase-order-malspam-delivers-snake-keylogger","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/","title":{"rendered":"Purchase Order Malspam Delivers Snake Keylogger"},"content":{"rendered":"<h3><strong>Author: Christopher Kim<\/strong><\/h3>\n<h3><strong>TLP: WHITE<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<p>On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.<sup>1<\/sup><\/p>\n<p>Snake Keylogger\u2019s code has many similarities with keyloggers, such as Phoenix, 404, Cheetah, and Matiex. It is likely that these five keyloggers are derived from the same codebase.<sup>2<\/sup><strong>\u00a0<\/strong><\/p>\n<p>First discovered in November 2020,<sup>3<\/sup> Snake Keylogger is a modular .NET infostealer. Threat actors can use the malware\u2019s builder to define and configure specific features when generating new payloads. Snake Keylogger steals credential and configuration information by parsing login data from web browser databases, email clients, WiFi network configuration files, and chat clients. It can also log keyboard strokes, take screenshots, and extract information from the system clipboard.<strong>\u00a0<\/strong><\/p>\n<p>The emails in this campaign used the subject line <em>RE: Re: Order # 08201450<\/em>. To disguise an RTF file as a Microsoft Word document, the threat actor replaces the .rtf extension with .doc. The file name of an attachment is either <em>ORDER_LIST.doc <\/em>or <em>Order _ 08201450.doc<\/em>. All emails are delivered from the same IP address via the simple mail transfer protocol (SMTP).<\/p>\n<p>Infoblox\u2019s full report on this campaign will be available soon on our<a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\"> Threat Intelligence Reports<\/a> page.<strong>\u00a0<\/strong><\/p>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882<\/a><\/li>\n<li><a href=\"https:\/\/threatresearch.ext.hp.com\/the-many-skins-of-snake-keylogger\/\">https:\/\/threatresearch.ext.hp.com\/the-many-skins-of-snake-keylogger\/<\/a><\/li>\n<li><a href=\"https:\/\/twitter.com\/james_inthe_box\/status\/1333431409847926784?lang=en\">https:\/\/twitter.com\/james_inthe_box\/status\/1333431409847926784?lang=en<\/a><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Author: Christopher Kim TLP: WHITE &nbsp; On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.1 Snake Keylogger\u2019s code has many similarities with keyloggers, such as [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":5551,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[333,189,294,541],"class_list":{"0":"post-6765","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cyberattack","9":"tag-cybersecurity","10":"tag-malspam","11":"tag-snake-keylogger","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Purchase Order Malspam Delivers Snake Keylogger<\/title>\n<meta name=\"description\" content=\"Purchase Order Malspam Delivers Snake Keylogger. On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Purchase Order Malspam Delivers Snake Keylogger\" \/>\n<meta property=\"og:description\" content=\"Purchase Order Malspam Delivers Snake Keylogger. On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-28T20:30:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"523\" \/>\n\t<meta property=\"og:image:height\" content=\"359\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Purchase Order Malspam Delivers Snake Keylogger\",\"datePublished\":\"2021-07-28T20:30:48+00:00\",\"dateModified\":\"2024-04-26T20:20:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/\"},\"wordCount\":250,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"keywords\":[\"Cyberattack\",\"Cybersecurity\",\"Malspam\",\"Snake Keylogger\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/\",\"name\":\"Purchase Order Malspam Delivers Snake Keylogger\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"datePublished\":\"2021-07-28T20:30:48+00:00\",\"dateModified\":\"2024-04-26T20:20:28+00:00\",\"description\":\"Purchase Order Malspam Delivers Snake Keylogger. On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/keyboard-screen-2.png\",\"width\":523,\"height\":359},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/purchase-order-malspam-delivers-snake-keylogger\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Purchase Order Malspam Delivers Snake Keylogger\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Purchase Order Malspam Delivers Snake Keylogger","description":"Purchase Order Malspam Delivers Snake Keylogger. On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/","og_locale":"en_US","og_type":"article","og_title":"Purchase Order Malspam Delivers Snake Keylogger","og_description":"Purchase Order Malspam Delivers Snake Keylogger. On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/","og_site_name":"Infoblox Blog","article_published_time":"2021-07-28T20:30:48+00:00","article_modified_time":"2024-04-26T20:20:28+00:00","og_image":[{"width":523,"height":359,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","type":"image\/png"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Purchase Order Malspam Delivers Snake Keylogger","datePublished":"2021-07-28T20:30:48+00:00","dateModified":"2024-04-26T20:20:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/"},"wordCount":250,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","keywords":["Cyberattack","Cybersecurity","Malspam","Snake Keylogger"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/","name":"Purchase Order Malspam Delivers Snake Keylogger","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","datePublished":"2021-07-28T20:30:48+00:00","dateModified":"2024-04-26T20:20:28+00:00","description":"Purchase Order Malspam Delivers Snake Keylogger. On 22 July, Infoblox found a malspam campaign distributing Snake Keylogger. The attachments in the emails of this campaign are Rich Text Format (RTF) files that contain an exploit of CVE-2017-11882, a well-known vulnerability in Microsoft Office Equation Editor.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/keyboard-screen-2.png","width":523,"height":359},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/purchase-order-malspam-delivers-snake-keylogger\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Purchase Order Malspam Delivers Snake Keylogger"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6765"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6765\/revisions"}],"predecessor-version":[{"id":6766,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6765\/revisions\/6766"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5551"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}