{"id":7454,"date":"2022-02-08T09:20:01","date_gmt":"2022-02-08T17:20:01","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7454"},"modified":"2022-02-08T09:20:01","modified_gmt":"2022-02-08T17:20:01","slug":"alibaba-cloud-researchers-uncover-tofsee-malware-using-dns","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/","title":{"rendered":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Recently, Alibaba Cloud researchers found evidence of the exploit kit used by Tofsee across hundreds of cloud machines. How? The secret was to leverage DNS. Tofsee is malware that recruits compromised systems into the Tofsee Spam Botnet. Once a system is infected, it is, in turn, used to help propagate Tofsee to other systems. Tofsee has various modules that enable cryptocurrency mining and click fraud. Tofsee can bring financial loss, the exfiltration of confidential data, and worse.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Typically, Tofsee has been detected by software controls that recognize previously identified Tofsee signatures. As we know, threat actors are constantly remanufacturing and repacking code to modify the signatures. Legacy signature-based detection approaches require that the newly modified signature be identified first; that signature is then recognizable and detectable only until the code is modified again.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The analysis of DNS traffic has opened new and better ways to identify and stop Tofsee and other threats.
Machine learning and analytics have correlated domain name (DNS) patterns with malicious behavior patterns to identify Tofsee Trojan activity.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The researchers started with a single domain \u201cwork[.]a-poster[.]info\u201d that was reported by a cybersecurity research firm only a few months prior. This domain was noted at the time as presenting a \u201cgeneric Windows command and control\u201d threat. By applying machine learning techniques, research teams have been able to correlate and link the domain to additional domain names. All of these domain names appear to be related to the Tofsee botnet. It was a short step for further analysis to find all the cloud systems impacted by the Tofsee botnet.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS can be an important defensive weapon in your arsenal. DNS security brings a full security stack for clouds, on-premises resources, and remote workers. We already know that DNS is in the kill chain for most cyberattacks. DNS may be used during the reconnaissance phase when it is a targeted attack. DNS is also used in the delivery phase, as potential victims unknowingly make DNS queries for IP addresses involved in the attack. DNS will also be used in the email delivery process when the ransomware propagates via spam campaigns. The exploitation phase may involve DNS queries when the victim\u2019s system is compromised and infected. Finally, malware must connect back to command &amp; control. DNS is then used as a hidden communication channel for this purpose.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Standard security controls and technologies such as next-gen firewalls, IPS, and gateways generally do not inspect DNS to detect malicious communications. These security controls are frequently unable to prevent specific attacks such as DNS data exfiltration.
Most importantly, they are not able to detect the subtleties of newly created malicious addresses and domains.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Infoblox <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">BloxOne Threat Defense\u00ae<\/span><\/a><span style=\"font-weight: 400;\"> enables government and business to better leverage DNS to improve their security posture. DNS security provides broad visibility into malicious activity, so threat actors can be shut down as early as possible in the kill chain of events. BloxOne Threat Defense uses highly accurate threat intelligence and machine-learning-based analytics to detect modern malware, ransomware, phishing, exploit kits, DNS-based data exfiltration, Domain Generation Algorithms, DNS Messenger, fast-flux attacks, and more.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, it is also important to note that DNS Security has long gone mainstream. Don\u2019t be a late adopter! A June 2021 <\/span><a href=\"https:\/\/www.gartner.com\/en\/documents\/4002327\"><span style=\"font-weight: 400;\">Gartner report<\/span><\/a><span style=\"font-weight: 400;\"> recommends that organizations leverage DNS logs for threat detection and forensic purposes with their Security Information and Event Management platforms. The U.S.
National Security Agency (NSA) has also provided explicit direction on DNS in the publication <\/span><a href=\"https:\/\/media.defense.gov\/2021\/Mar\/03\/2002593055\/-1\/-1\/0\/CSI_Selecting-Protective-DNS_UOO11765221.PDF\"><span style=\"font-weight: 400;\">Selecting a Protective DNS Service<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To find out more about how Infoblox can help, or to reach our sales team, contact us via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-form\/\"><span style=\"font-weight: 400;\">https:\/\/info.infoblox.com\/contact-form\/<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, Alibaba cloud researchers found evidence of the exploit kit used by Tofsee across hundreds of cloud machines. How? The secret was to leverage DNS. Tofsee is malware which recruits compromised systems to the Tofsee Spam Botnet.
Once a system is infected, the new systems are, in turn, used to help propagate Tofsee to other [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":1144,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[637,638,32,639,640,366,228],"class_list":{"0":"post-7454","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-alibaba","9":"tag-tofsee","10":"tag-malware","11":"tag-dns-securit","12":"tag-ransomeware","13":"tag-spam","14":"tag-bloxone-threat-defense","15":"entry"},"acf":[],"yoast_head_json":{"title":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS","description":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS. Recently, Alibaba cloud researchers found evidence of the exploit kit used by Tofsee across hundreds of cloud machines. How? The secret was to leverage DNS. Tofsee is malware which recruits compromised systems to the Tofsee Spam Botnet. Once a system is infected, the new systems are, in turn, used to help propagate Tofsee to other systems. Tofsee has various modules which enable cryptocurrency mining and click fraud. Tofsee can bring financial loss, the exfiltration of confidential data, and worse.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/","og_locale":"en_US","og_type":"article","og_title":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS","og_description":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS. Recently, Alibaba cloud researchers found evidence of the exploit kit used by Tofsee across hundreds of cloud machines. How? The secret was to leverage DNS.
Tofsee is malware which recruits compromised systems to the Tofsee Spam Botnet. Once a system is infected, the new systems are, in turn, used to help propagate Tofsee to other systems. Tofsee has various modules which enable cryptocurrency mining and click fraud. Tofsee can bring financial loss, the exfiltration of confidential data, and worse.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/","og_site_name":"Infoblox Blog","article_published_time":"2022-02-08T17:20:01+00:00","og_image":[{"width":600,"height":413,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/469586097-660x454.jpg","type":"image\/jpeg"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS","datePublished":"2022-02-08T17:20:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/"},"wordCount":629,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/469586097-660x454.jpg","keywords":["Alibaba","Tofsee","Malware","DNS Securit","ransomeware","spam","BloxOne\u00ae Threat 
Defense"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/","url":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/","name":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/469586097-660x454.jpg","datePublished":"2022-02-08T17:20:01+00:00","description":"Alibaba Cloud Researchers Uncover Tofsee Malware Using DNS. Recently, Alibaba cloud researchers found evidence of the exploit kit used by Tofsee across hundreds of cloud machines. How? The secret was to leverage DNS. Tofsee is malware which recruits compromised systems to the Tofsee Spam Botnet. Once a system is infected, the new systems are, in turn, used to help propagate Tofsee to other systems. Tofsee has various modules which enable cryptocurrency mining and click fraud. 
Tofsee can bring financial loss, the exfiltration of confidential data, and worse.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/469586097-660x454.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/469586097-660x454.jpg","width":600,"height":413,"caption":"Simple, Scalable, Foundational Security for SD-WAN Branches"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/alibaba-cloud-researchers-uncover-tofsee-malware-using-dns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Alibaba Cloud Researchers Uncover Tofsee Malware Using 
DNS"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. 
Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7454"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7454\/revisions"}],"predecessor-version":[{"id":7455,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7454\/revisions\/7455"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/1144"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}