{"id":31822,"date":"2019-11-15T06:01:07","date_gmt":"2019-11-15T06:01:07","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/"},"modified":"2019-11-15T06:01:07","modified_gmt":"2019-11-15T06:01:07","slug":"try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/","title":{"rendered":"Try as they might, ransomware crooks can&#8217;t hide their tells when playing hands"},"content":{"rendered":"<p>Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.<\/p>\n<p>This according to a report from British security shop Sophos, whose <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/technical-papers\/sophoslabs-ransomware-behavior-report.pdf\">breakdown<\/a> (PDF) of 11 different malware infections, including WannaCry, Ryuk, and GandCrab, found that because ransomware attacks all have the same purpose, to encrypt user files until a payment is made, they have to generally perform many of the same tasks.<\/p>\n<p>&#8220;There are behavioral traits that ransomware routinely exhibits that security software can use to decide whether the program is malicious,&#8221; explained Sophos director of engineering Mark Loman.<\/p>\n<p>&#8220;Some traits \u2013 such as the successive encryption of documents \u2013 are hard for attackers to change, but others may be more malleable. Mixing it up, behaviorally speaking, can help ransomware to confuse some anti-ransomware protection.&#8221;<\/p>\n<p>Some of that behavior, says Loman, includes things like signing code with stolen or purchased certificates, to allow the ransomware to slip past some security checks. 
In other cases, ransomware installers will use elevation of privilege exploits (which often get <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2019\/11\/07\/disclosure_marc_rogers\/\" rel=\"noopener noreferrer\">overlooked for patching<\/a> due to their low risk scores) or optimize code for multi-threaded CPUs in order to encrypt as many files as possible before getting spotted.<\/p>\n<p>&#8220;Ransomware creators are acutely aware that network or endpoint security controls pose a fatal threat to any operation, so they&#8217;ve developed a fixation on detection logic,&#8221; Loman explained.<\/p>\n<p>&#8220;Modern ransomware spends an inordinate amount of time attempting to thwart security controls, tilling the field for a future harvest.&#8221;<\/p>\n<p>Even with these countermeasures, however, Loman notes that Sophos and other anti-malware vendors have an advantage as they know that, sooner or later, the malware has to access the file system and begin to encrypt the data. 
This is the point where the attacks have to expose themselves and the spot where security tools can stop them.<\/p>\n<p>&#8220;It&#8217;s important to recognize there&#8217;s hope in this fight, and a number of ways admins can resist: Windows 10 Controlled Folder Access (CFA) whitelisting is one such way, allowing only trusted applications to edit documents and files in a specified location,&#8221; says Loman.<\/p>\n<p>&#8220;But whitelisting isn&#8217;t perfect \u2013 it requires active maintenance, and gaps or errors in coverage can result in failure when it&#8217;s most needed.&#8221;<\/p>\n<p>The report is the latest indication that the good guys are making some headway in the battle against ransomware infections. The Sophos report comes as other vendors have noted that many state and local governments that had previously been prime targets for ransomware are better protecting themselves, forcing criminals to look to <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2019\/11\/04\/ransomware_freezes_nunavut_canada\/\" rel=\"noopener noreferrer\">more remote areas<\/a> in search of low-hanging fruit. 
\u00ae<\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2019\/11\/15\/sophos_ransomware_analysis\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":31823,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-31822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Try as they might, ransomware crooks can&#039;t hide their tells when playing hands 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Try as they might, ransomware crooks can&#039;t hide their tells when playing hands 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-15T06:01:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Try as they might, ransomware crooks can&#8217;t hide their tells when playing hands\",\"datePublished\":\"2019-11-15T06:01:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/\"},\"wordCount\":479,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/\",\"name\":\"Try as they might, ransomware crooks can't hide their tells when playing hands 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg\",\"datePublished\":\"2019-11-15T06:01:07+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\\\/#breadcrumb\",\"itemListElement\"
:[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Try as they might, ransomware crooks can&#8217;t hide their tells when playing hands\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Try as they might, ransomware crooks can't hide their tells when playing hands 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/","og_locale":"en_US","og_type":"article","og_title":"Try as they might, ransomware crooks can't hide their tells when playing hands 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-11-15T06:01:07+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Try as they might, ransomware crooks can&#8217;t hide their tells when playing hands","datePublished":"2019-11-15T06:01:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/"},"wordCount":479,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/","url":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/","name":"Try as they might, ransomware crooks can't hide their tells when playing hands 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg","datePublished":"2019-11-15T06:01:07+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/try-as-they-might-ransomware-crooks-cant-hide-their-tells-when-playing-hands\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Try as they might, ransomware crooks can&#8217;t hide their tells 
when playing hands"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/perso
n\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=31822"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31822\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/31823"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=31822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=31822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=31822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}