{"id":6874,"date":"2021-08-24T15:58:58","date_gmt":"2021-08-24T22:58:58","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6874"},"modified":"2024-08-07T12:20:17","modified_gmt":"2024-08-07T19:20:17","slug":"urgent-report-spam-drops-danabot-banking-trojan","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/","title":{"rendered":"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan"},"content":{"rendered":"<h3><strong>Author: Nick Sundvall<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<h3>Overview<\/h3>\n<p>On 12 August, Infoblox observed a malspam campaign distributing the Danabot banking trojan through ZIP files. <\/p>\n<h3>Customer Impact<\/h3>\n<p>First seen by Proofpoint in 2018, Danabot is a banking trojan written in Delphi.<sup>1<\/sup> Danabot can steal credentials, take screenshots, log keystrokes, exfiltrate data to command and control servers (C&#038;Cs), and perform web injection to manipulate browser sessions and steal banking information.<sup>2<\/sup><\/p>\n<h3>Campaign Analysis<\/h3>\n<p>Some emails in this campaign have empty bodies, and others contain a reference to a seemingly random number, such as \u2116 7585203. The emails\u2019 subject line of \u201cStudy the report very urgently\u201d attempts to coerce a recipient into opening the attached file 12.08 &#8211; Reports.zip. This ZIP contains a malicious JavaScript file 12.08 &#8211; Reports.js, which is filled with shell code. <\/p>\n<h3>Attack Chain<\/h3>\n<p>Opening 12.08 &#8211; Reports.zip extracts the malicious JavaScript file. When run, it executes a shell command that runs a PowerShell script with a base64-encoded command. The decoded command downloads an additional PowerShell command, which downloads and executes the final payload, Danabot. From here, Danabot connects to its C&#038;C, and can exfiltrate data and receive additional commands.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-blog-danabot-banking-trojan-attack-chain.jpg\" data-lity=\"\"><img decoding=\"async\" class=\"alignnone size-full wp-image-6844\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-blog-danabot-banking-trojan-attack-chain.jpg\" alt=\"\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3>Vulnerabilities &amp; Mitigation<\/h3>\n<p>Because malspam emails are a common distribution method for malicious scams, Infoblox recommends the following precautions typically used to avoid these attacks:<\/p>\n<ul>\n<li>Always be suspicious of vague or empty emails, especially those that contain prompts to open attachments or click links.<\/li>\n<li>Be aware of an attachment\u2019s file type, and never open an attachment that could be a script (.js, .vbs, .cmd, or .bat), an internet shortcut file, or a compressed file. Threat actors use compressed files to evade detection methods that are based on file hashes and signatures. They also use compressed files to mask the real malicious files that would be flagged by email services.\n<\/li>\n<li>Verify the legitimacy of emails with the alleged sender before opening any attachments.<\/li>\n<\/ul>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/danabot-new-banking-trojan-surfaces-down-under-0\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/danabot-new-banking-trojan-surfaces-down-under-0<\/a><\/li>\n<li><a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/new-year-new-version-danabot\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/new-year-new-version-danabot<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Nick Sundvall &nbsp; Overview On 12 August, Infoblox observed a malspam campaign distributing the Danabot banking trojan through ZIP files. Customer Impact First seen by Proofpoint in 2018, Danabot is a banking trojan written in Delphi.1 Danabot can steal credentials, take screenshots, log keystrokes, exfiltrate data to command and control servers (C&#038;Cs), and perform [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6882,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[553],"tags":[236,488,294,40,189],"class_list":{"0":"post-6874","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-campaign-briefs","8":"tag-cyberthreat","9":"tag-cyberthreat-intelligence-report","10":"tag-malspam","11":"tag-threat-intelligence","12":"tag-cybersecurity","13":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Danabot Banking Trojan: Malspam Campaign Update | Infoblox<\/title>\n<meta name=\"description\" content=\"The Danabot banking trojan can steal credentials, take screenshots, steal banking information, and more. Learn about the most recent campaign, the attack chain &amp; mitigation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan\" \/>\n<meta property=\"og:description\" content=\"The Danabot banking trojan can steal credentials, take screenshots, steal banking information, and more. Learn about the most recent campaign, the attack chain &amp; mitigation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-24T22:58:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-07T19:20:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"322\" \/>\n\t<meta property=\"og:image:height\" content=\"215\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan\",\"datePublished\":\"2021-08-24T22:58:58+00:00\",\"dateModified\":\"2024-08-07T19:20:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/\"},\"wordCount\":333,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg\",\"keywords\":[\"Cyberthreat\",\"Cyberthreat intelligence report\",\"Malspam\",\"Threat Intelligence\",\"Cybersecurity\"],\"articleSection\":[\"Cyber Campaign Briefs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/\",\"name\":\"Danabot Banking Trojan: Malspam Campaign Update | Infoblox\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg\",\"datePublished\":\"2021-08-24T22:58:58+00:00\",\"dateModified\":\"2024-08-07T19:20:17+00:00\",\"description\":\"The Danabot banking trojan can steal credentials, take screenshots, steal banking information, and more. Learn about the most recent campaign, the attack chain & mitigation.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg\",\"width\":322,\"height\":215,\"caption\":\"Concept for cyber crime. A criminal is phishing for your username and password. Studio shot with blue background.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/urgent-report-spam-drops-danabot-banking-trojan\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Campaign Briefs\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Danabot Banking Trojan: Malspam Campaign Update | Infoblox","description":"The Danabot banking trojan can steal credentials, take screenshots, steal banking information, and more. Learn about the most recent campaign, the attack chain & mitigation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/","og_locale":"en_US","og_type":"article","og_title":"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan","og_description":"The Danabot banking trojan can steal credentials, take screenshots, steal banking information, and more. Learn about the most recent campaign, the attack chain & mitigation.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/","og_site_name":"Infoblox Blog","article_published_time":"2021-08-24T22:58:58+00:00","article_modified_time":"2024-08-07T19:20:17+00:00","og_image":[{"width":322,"height":215,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan","datePublished":"2021-08-24T22:58:58+00:00","dateModified":"2024-08-07T19:20:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/"},"wordCount":333,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg","keywords":["Cyberthreat","Cyberthreat intelligence report","Malspam","Threat Intelligence","Cybersecurity"],"articleSection":["Cyber Campaign Briefs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/","name":"Danabot Banking Trojan: Malspam Campaign Update | Infoblox","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg","datePublished":"2021-08-24T22:58:58+00:00","dateModified":"2024-08-07T19:20:17+00:00","description":"The Danabot banking trojan can steal credentials, take screenshots, steal banking information, and more. Learn about the most recent campaign, the attack chain & mitigation.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-cover-image-urgent-report-spam-drops-danabot-banking-trojan.jpg","width":322,"height":215,"caption":"Concept for cyber crime. A criminal is phishing for your username and password. Studio shot with blue background."},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/urgent-report-spam-drops-danabot-banking-trojan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Campaign Briefs","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/cyber-campaign-briefs\/"},{"@type":"ListItem","position":4,"name":"\u201cUrgent Report\u201d Spam Drops Danabot Banking Trojan"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6874"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6874\/revisions"}],"predecessor-version":[{"id":6879,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6874\/revisions\/6879"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6882"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}