{"id":7246,"date":"2021-11-01T15:21:42","date_gmt":"2021-11-01T22:21:42","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7246"},"modified":"2024-08-07T12:18:19","modified_gmt":"2024-08-07T19:18:19","slug":"new-malspam-campaign-delivers-adwind-rat","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/","title":{"rendered":"New Malspam Campaign Delivers Adwind RAT"},"content":{"rendered":"<h3><strong>Author: Laksh Sethi<\/strong><\/h3>\n<h3>1. Overview<\/h3>\n<p>From 22 to 27 October, Infoblox observed multiple related malspam campaigns distributing the remote access trojan (RAT) Adwind via weaponized Java and JavaScript files. Emails in these campaigns present themselves as coming from a logistics bureau, Al Bahr Al Arabi, and The United Bank of Egypt.<\/p>\n<p>Adwind RAT is a cross-platform, multi-functional malware. It is openly distributed as a paid malware-as-a-service (MaaS), which cyber criminals can customize and control.<\/p>\n<h3>2. Customer impact<\/h3>\n<p>Adwind originated in Mexico and was discovered in 2012, when it was known as Frutas RAT. Adwind can control the infected machine\u2019s webcam, capture screenshots and sensitive data, install and run applications, run commands remotely, collect data, and perform other tasks.<\/p>\n<h3>3. Campaign analysis<\/h3>\n<p>Emails in these campaigns have no body and portray themselves as coming from email addresses associated with an unidentified logistics bureau; Al Bahr Al Arabi, which is the name of a marine engineering services company based in the United Arab Emirates; and the United Bank of Egypt. Each email contains an attachment: a JavaScript file named ORDER_21108899.js or a Java file named Payments_Copy.jar, mt103_usd78654_pdf.jar, or ORDER_211099A_pdf.jar. The subject line is Fw: Payment Copy, PO 04399021, Fw: Order, or ORDER #211099A.<\/p>\n<h3>4. 
Attack chain<\/h3>\n<p>Adwind obtains supported languages, the computer name, and other data from a victim\u2019s system. It then uses (1) icacls.exe to change Java Usage Tracker\u2019s access permissions to everyone, (2) javaw.exe to prevent any console or window from opening while it performs its tasks, and (3) java.exe to read encrypted Java code from plain-text and class files that contain further instructions.<\/p>\n<p>To achieve persistence, Adwind drops itself into the Startup folder. To hide itself, it changes its file attributes by using attrib.exe. Finally, it attempts to connect to its command and control (C&#038;C) IP and, if it succeeds, serves as a remote-controlled backdoor to the victim&#8217;s machine.<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-7217 size-full\" src=\"\/wp-content\/uploads\/infoblox-blog-new-malspam-campaign-delivers-adwind-rat-attack-chain.jpg\" alt=\"\" \/><\/p>\n<h3>5. Vulnerabilities and mitigation<\/h3>\n<p>Infoblox recommends the following actions for reducing the risk of infection by Adwind RAT:<\/p>\n<ul>\n<li>Keep antivirus signatures and engines up to date.<\/li>\n<li>Turn on automatic updates, to keep the operating system up to date with the latest security patches.<\/li>\n<li>Do not expose email addresses to the internet.<\/li>\n<li>Do not open email attachments with extensions that look unfamiliar.<\/li>\n<li>Exercise caution when opening all email attachments, especially those that come from unfamiliar senders.<\/li>\n<li>Avoid opening emails with generic subject lines.<\/li>\n<li>Prevent JAR files from running in %AppData%\/[random folder name], and prohibit the creation of JAR files in the same folder.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Author: Laksh Sethi &nbsp; 1. Overview From 22 to 27 October, Infoblox observed multiple related malspam campaigns distributing the remote access trojan (RAT) Adwind via weaponized Java and JavaScript files. 
Emails in these campaigns present themselves as coming from a logistics bureau, Al Bahr Al Arabi, and The United Bank of Egypt. Adwind RAT is [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":6721,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[553],"tags":[236,488,294,40,189],"class_list":{"0":"post-7246","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-campaign-briefs","8":"tag-cyberthreat","9":"tag-cyberthreat-intelligence-report","10":"tag-malspam","11":"tag-threat-intelligence","12":"tag-cybersecurity","13":"entry"},"acf":[],"yoast_head_json":{"title":"Adwind RAT Malspam Campaign Analysis | Cyber Campaign Brief | Infoblox","description":"This remote access trojan can control webcams, capture screenshots, install & run applications, and perform other tasks. 
Learn more about it & how to stay safe.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/","og_locale":"en_US","og_type":"article","og_title":"New Malspam Campaign Delivers Adwind RAT","og_description":"This remote access trojan can control webcams, capture screenshots, install & run applications, and perform other tasks. Learn more about it & how to stay safe.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/","og_site_name":"Infoblox Blog","article_published_time":"2021-11-01T22:21:42+00:00","article_modified_time":"2024-08-07T19:18:19+00:00","og_image":[{"width":612,"height":339,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-17.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"New Malspam Campaign Delivers Adwind RAT","datePublished":"2021-11-01T22:21:42+00:00","dateModified":"2024-08-07T19:18:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/"},"wordCount":426,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-17.jpg","keywords":["Cyberthreat","Cyberthreat intelligence report","Malspam","Threat Intelligence","Cybersecurity"],"articleSection":["Cyber Campaign Briefs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/","name":"Adwind RAT Malspam Campaign Analysis | Cyber Campaign Brief | 
Infoblox","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-17.jpg","datePublished":"2021-11-01T22:21:42+00:00","dateModified":"2024-08-07T19:18:19+00:00","description":"This remote access trojan can control webcams, capture screenshots, install & run applications, and perform other tasks. Learn more about it & how to stay safe.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-17.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-17.jpg","width":612,"height":339,"caption":"close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/cyber-campaign-briefs\/new-malspam-campaign-delivers-adwind-rat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat 
Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Cyber Campaign Briefs","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/cyber-campaign-briefs\/"},{"@type":"ListItem","position":4,"name":"New Malspam Campaign Delivers Adwind RAT"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS 
threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7246"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7246\/revisions"}],"predecessor-version":[{"id":7248,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7246\/revisions\/7248"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6721"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inf
oblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}