{"id":6847,"date":"2021-08-10T15:11:36","date_gmt":"2021-08-10T22:11:36","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6847"},"modified":"2024-08-07T12:20:31","modified_gmt":"2024-08-07T19:20:31","slug":"new-spam-actor-eggshellcheetah","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/","title":{"rendered":"New Spam Actor: EggshellCheetah"},"content":{"rendered":"<h3><strong>Author: Ma\u00ebl LaTouz<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<h3>1. Executive Summary<\/h3>\n<p>EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate. EggshellCheetah aims to collect financial information, sell counterfeit products, and disseminate malspam supporting other actors\u2019 scams. The actor\u2019s campaigns employ a variety of lure topics, many of which have political themes. We do not know whether the actor itself or the actors it supports use malware.<\/p>\n<h3>2. Characteristics of Spam Campaigns<\/h3>\n<p>The actor\u2019s typical campaign covers topics in healthcare and politics, and it often reuses language from other campaigns. Since the end of 2020, the actor has been running campaigns several times each week, and the number of emails has been extremely high. However, that number has decreased in the months leading up to this report (see Figure 1); we cannot confirm whether the actor has simply ceased its activity or changed its behavior or infrastructure.<\/p>\n<p>Some of EggshellCheetah\u2019s landing pages mention an Indian company that, as the actor claims, specializes in email marketing. We have observed that the actor\u2019s campaigns have targeted U.S. residents in general and, on some occasions, various voting demographics. The emails\u2019 subject lines often mention current events, such as Black Lives Matter protests, the presidential election, and debates on gun rights. The actor has also advertised \u201cbait\u201d items for purchase, such as VirtualPilot3D, gun holsters, and counterfeit medications.<\/p>\n<p>&nbsp;<\/p>\n<h3>Figure 1: The number of emails distributed by EggshellCheetah in 2021<\/h3>\n<p><a href=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-blog-eggshell-cheetah-emails-distributed.jpg\" data-lity><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-6844\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-blog-eggshell-cheetah-emails-distributed.jpg\" alt=\"\" width=\"872\" height=\"1178\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3>3. Attack Chain<\/h3>\n<p>EggshellCheetah uses its own infrastructure for its campaigns. After clicking a URL within the body of the malspam email, the victim is taken to a landing page that triggers other redirects until the victim comes to a landing page on an attacker-controlled domain.<br \/>\nIn most cases, EggshellCheetah uses a pop-up that offers a fake unsubscribe button and an email address for complaints. The victim is then taken to another landing page, which offers a product and asks the victim to provide personal and banking information to complete the purchase. <\/p>\n<h3>4. Conclusion, Recommendations, and Mitigation<\/h3>\n<p>EggshellCheetah seems to be motivated financially first and foremost. Also, so far, EggshellCheetah has left no evidence of malware activity. The following recommendations should help users avoid falling victim to EggshellCheetah and other phishing and malspam-related threats:<\/p>\n<ul>\n<li>Be suspicious of vague or empty emails, especially those with prompts to open attachments or click URLs or hyperlinked text.<\/li>\n<li>Be suspicious of emails that come from unfamiliar sources, and never click URLs in such messages.<\/li>\n<li>Be suspicious of emails that discuss financial topics or contain delivery instructions.<\/li>\n<li>Inspect all attachments before opening them.<\/li>\n<li>Avoid opening emails with generic subject lines.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Author: Ma\u00ebl LaTouz &nbsp; 1. Executive Summary EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate. EggshellCheetah aims to collect financial information, sell counterfeit products, and disseminate malspam supporting other actors\u2019 scams. The actor\u2019s campaigns employ a variety of lure topics, many of which [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6730,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[555],"tags":[236,488,294,40,189],"class_list":{"0":"post-6847","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-malicious-activity-reports","8":"tag-cyberthreat","9":"tag-cyberthreat-intelligence-report","10":"tag-malspam","11":"tag-threat-intelligence","12":"tag-cybersecurity","13":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>New Spam Actor: EggshellCheetah | Infoblox<\/title>\n<meta name=\"description\" content=\"EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Spam Actor: EggshellCheetah\" \/>\n<meta property=\"og:description\" content=\"EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-10T22:11:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-07T19:20:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-15.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"551\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"New Spam Actor: EggshellCheetah\",\"datePublished\":\"2021-08-10T22:11:36+00:00\",\"dateModified\":\"2024-08-07T19:20:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/\"},\"wordCount\":441,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-15.jpg\",\"keywords\":[\"Cyberthreat\",\"Cyberthreat intelligence report\",\"Malspam\",\"Threat Intelligence\",\"Cybersecurity\"],\"articleSection\":[\"Malicious Activity Reports\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/\",\"name\":\"New Spam Actor: EggshellCheetah | Infoblox\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-15.jpg\",\"datePublished\":\"2021-08-10T22:11:36+00:00\",\"dateModified\":\"2024-08-07T19:20:31+00:00\",\"description\":\"EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-15.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-15.jpg\",\"width\":612,\"height\":551,\"caption\":\"3d rendering of Magnifying Glass on digital human hacker image, concept of cyber criminal,hacker and ransomeware.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/malicious-activity-reports\\\/new-spam-actor-eggshellcheetah\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malicious Activity Reports\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/malicious-activity-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"New Spam Actor: EggshellCheetah\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Spam Actor: EggshellCheetah | Infoblox","description":"EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/","og_locale":"en_US","og_type":"article","og_title":"New Spam Actor: EggshellCheetah","og_description":"EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/","og_site_name":"Infoblox Blog","article_published_time":"2021-08-10T22:11:36+00:00","article_modified_time":"2024-08-07T19:20:31+00:00","og_image":[{"width":612,"height":551,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-15.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"New Spam Actor: EggshellCheetah","datePublished":"2021-08-10T22:11:36+00:00","dateModified":"2024-08-07T19:20:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/"},"wordCount":441,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-15.jpg","keywords":["Cyberthreat","Cyberthreat intelligence report","Malspam","Threat Intelligence","Cybersecurity"],"articleSection":["Malicious Activity Reports"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/","name":"New Spam Actor: EggshellCheetah | Infoblox","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-15.jpg","datePublished":"2021-08-10T22:11:36+00:00","dateModified":"2024-08-07T19:20:31+00:00","description":"EggshellCheetah is the actor behind the high-volume spam campaigns that send emails with links to sites that pose as legitimate.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-15.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-15.jpg","width":612,"height":551,"caption":"3d rendering of Magnifying Glass on digital human hacker image, concept of cyber criminal,hacker and ransomeware."},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/malicious-activity-reports\/new-spam-actor-eggshellcheetah\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Malicious Activity Reports","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/malicious-activity-reports\/"},{"@type":"ListItem","position":4,"name":"New Spam Actor: EggshellCheetah"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6847"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6847\/revisions"}],"predecessor-version":[{"id":6851,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6847\/revisions\/6851"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6730"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}