{"id":6914,"date":"2021-08-27T12:34:47","date_gmt":"2021-08-27T19:34:47","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6914"},"modified":"2024-08-07T12:20:07","modified_gmt":"2024-08-07T19:20:07","slug":"fake-shipping-emails-deliver-ratty-rat","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/","title":{"rendered":"Fake Shipping Emails Deliver Ratty RAT"},"content":{"rendered":"<h3><strong>Author: Avinash Shende<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<h3>Overview<\/h3>\n<p>On 18 August, Infoblox observed a malicious email campaign distributing the remote access trojan (RAT) Ratty via weaponized Java files. Emails in this campaign have been made to appear to be coming from DHL, and they contain text that looks like shipping instructions.<br \/>\nRatty is an open-source Java RAT. It was made available on GitHub and was strongly endorsed on hack forums. Although Ratty\u2019s original uploaders deleted the repository sometime in 2017, clones of Ratty exist.<sup>1<\/sup><\/p>\n<h3>Customer Impact<\/h3>\n<p>Because Ratty\u2019s source code is available on GitHub, its operators can easily add capabilities that let it: <\/p>\n<ul>\n<li>Run commands remotely<\/li>\n<li>Collect data<\/li>\n<li>Take screenshots<\/li>\n<li>Collect keystrokes to obtain login credentials and other sensitive data<\/li>\n<li>Record audio and video by using a microphone and a webcam<sup>2<\/sup><\/li>\n<\/ul>\n<p>Ratty can cause substantial damage to devices and data, and its victims have suffered financial loss, serious violations of privacy, and identity theft.<\/p>\n<h3>Campaign Analysis<\/h3>\n<p>Emails in this campaign appear to be coming from dhl_express@dhl[.]com, and they contain an attachment: a Java file called Shipment Details.jar. The From name in the emails is DHL EXPRESS, and the subject line is YOUR SHIPMENT DELIVERY DETAILS ATTACH. The body of the emails requests that recipients open the attachment to confirm their shipment details.<br \/>\nThe SMTP IP of the emails belongs to getopta.com, a legitimate website. This suggests that the emails are sent from a compromised email account.<\/p>\n<h3>Attack Chain<\/h3>\n<p>Ratty obtains supported languages, the computer name, and other data about a victim\u2019s system. It then uses icacls.exe to change Java Usage Tracker\u2019s access permissions to everyone. To achieve persistence, Ratty drops itself into the Startup folder, and to record keystrokes, it drops a DLL file called  JNativeHook-FCBC1DC5993F3B7C153159E29CD4364927BC9517.dll into the Temp directory. To hide itself, Ratty changes its file attributes by using attrib.exe. Finally, Ratty attempts to connect to its command and control (C&#038;C) IP on port 4040 and, if it succeeds, serves as a remote-controlled backdoor to the victim&#8217;s machine.<\/p>\n<p style=\"text-align: center;\"><a href=\"\/wp-content\/uploads\/infoblox-blog-fake-shipping-emails-deliver-ratty-rat-attack-chain.jpg\" data-lity=\"\"><img decoding=\"async\" class=\"alignnone size-full wp-image-6844\" src=\"\/wp-content\/uploads\/infoblox-blog-fake-shipping-emails-deliver-ratty-rat-attack-chain.jpg\" alt=\"\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3>Vulnerabilities and Mitigation<\/h3>\n<p>Infoblox recommends the following actions for reducing the risk of infection by Ratty:<\/p>\n<ul>\n<li>Keep antivirus signatures and engines up to date.<\/li>\n<li>Turn on automatic updates, to keep the operating system up to date with the latest security patches.<\/li>\n<li>Do not expose email addresses to the internet.<\/li>\n<li>Do not open email attachments with extensions that look unfamiliar.<\/li>\n<li>Exercise caution when opening all email attachments, especially those that come from unfamiliar senders.<\/li>\n<li>Avoid opening emails with generic subject lines.<\/li>\n<\/ul>\n<h3><strong>Endnotes<\/strong><\/h3>\n<ol>\n<li><a href=\"https:\/\/www.pcrisk.com\/removal-guides\/18197-ratty-rat\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.pcrisk.com\/removal-guides\/18197-ratty-rat<\/a><\/li>\n<li><a href=\"https:\/\/www.enigmasoftware.com\/rattyrat-removal\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.enigmasoftware.com\/rattyrat-removal\/<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Author: Avinash Shende &nbsp; Overview On 18 August, Infoblox observed a malicious email campaign distributing the remote access trojan (RAT) Ratty via weaponized Java files. Emails in this campaign have been made to appear to be coming from DHL, and they contain text that looks like shipping instructions. Ratty is an open-source Java RAT. It [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6716,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[553],"tags":[236,488,294,40,189],"class_list":{"0":"post-6914","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-campaign-briefs","8":"tag-cyberthreat","9":"tag-cyberthreat-intelligence-report","10":"tag-malspam","11":"tag-threat-intelligence","12":"tag-cybersecurity","13":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Fake DHL Emails Contain Files Delivering Remote Access Trojan | Cyber Campaign Brief<\/title>\n<meta name=\"description\" content=\"Fake emails appearing to come from DHL have been observed distributing Ratty, a remote access trojan. Learn more about this campaign and how to mitigate it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fake Shipping Emails Deliver Ratty RAT\" \/>\n<meta property=\"og:description\" content=\"Fake emails appearing to come from DHL have been observed distributing Ratty, a remote access trojan. Learn more about this campaign and how to mitigate it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-27T19:34:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-07T19:20:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-03.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Fake Shipping Emails Deliver Ratty RAT\",\"datePublished\":\"2021-08-27T19:34:47+00:00\",\"dateModified\":\"2024-08-07T19:20:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/\"},\"wordCount\":443,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-03.jpg\",\"keywords\":[\"Cyberthreat\",\"Cyberthreat intelligence report\",\"Malspam\",\"Threat Intelligence\",\"Cybersecurity\"],\"articleSection\":[\"Cyber Campaign Briefs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/\",\"name\":\"Fake DHL Emails Contain Files Delivering Remote Access Trojan | Cyber Campaign Brief\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-03.jpg\",\"datePublished\":\"2021-08-27T19:34:47+00:00\",\"dateModified\":\"2024-08-07T19:20:07+00:00\",\"description\":\"Fake emails appearing to come from DHL have been observed distributing Ratty, a remote access trojan. Learn more about this campaign and how to mitigate it.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-03.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-03.jpg\",\"width\":612,\"height\":408,\"caption\":\"Hacker attacking internet\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/fake-shipping-emails-deliver-ratty-rat\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Campaign Briefs\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/cyber-campaign-briefs\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Fake Shipping Emails Deliver Ratty RAT\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Fake DHL Emails Contain Files Delivering Remote Access Trojan | Cyber Campaign Brief","description":"Fake emails appearing to come from DHL have been observed distributing Ratty, a remote access trojan. Learn more about this campaign and how to mitigate it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/","og_locale":"en_US","og_type":"article","og_title":"Fake Shipping Emails Deliver Ratty RAT","og_description":"Fake emails appearing to come from DHL have been observed distributing Ratty, a remote access trojan. Learn more about this campaign and how to mitigate it.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/","og_site_name":"Infoblox Blog","article_published_time":"2021-08-27T19:34:47+00:00","article_modified_time":"2024-08-07T19:20:07+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-03.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Fake Shipping Emails Deliver Ratty RAT","datePublished":"2021-08-27T19:34:47+00:00","dateModified":"2024-08-07T19:20:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/"},"wordCount":443,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-03.jpg","keywords":["Cyberthreat","Cyberthreat intelligence report","Malspam","Threat Intelligence","Cybersecurity"],"articleSection":["Cyber Campaign Briefs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/","name":"Fake DHL Emails Contain Files Delivering Remote Access Trojan | Cyber Campaign Brief","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-03.jpg","datePublished":"2021-08-27T19:34:47+00:00","dateModified":"2024-08-07T19:20:07+00:00","description":"Fake emails appearing to come from DHL have been observed distributing Ratty, a remote access trojan. Learn more about this campaign and how to mitigate it.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-03.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-03.jpg","width":612,"height":408,"caption":"Hacker attacking internet"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/fake-shipping-emails-deliver-ratty-rat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Campaign Briefs","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/cyber-campaign-briefs\/"},{"@type":"ListItem","position":4,"name":"Fake Shipping Emails Deliver Ratty RAT"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6914"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6914\/revisions"}],"predecessor-version":[{"id":6918,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6914\/revisions\/6918"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6716"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}