{"id":32789,"date":"2020-01-15T17:21:46","date_gmt":"2020-01-15T17:21:46","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30845\/Satan-Ransomware-Rebrands-As-5ss5c-Ransomware.html"},"modified":"2020-01-15T17:21:46","modified_gmt":"2020-01-15T17:21:46","slug":"satan-ransomware-rebrands-as-5ss5c-ransomware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/satan-ransomware-rebrands-as-5ss5c-ransomware\/","title":{"rendered":"Satan Ransomware Rebrands As 5ss5c Ransomware"},"content":{"rendered":"<p> The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps <a href=\"https:\/\/bartblaze.blogspot.com\/2018\/04\/maktub-ransomware-possibly-rebranded-as.html\" target=\"_blank\" rel=\"noopener noreferrer\">Iron ransomware<\/a>, has now come up with a new version or rebranding named &#8220;5ss5c&#8221;.<\/p>\n<p>In a previous blog post,&nbsp;<a href=\"https:\/\/bartblaze.blogspot.com\/2018\/04\/satan-ransomware-adds-eternalblue.html\" target=\"_blank\" rel=\"noopener noreferrer\">Satan ransomware adds EternalBlue exploit<\/a>, I described how the group behind Satan ransomware has been actively developing its ransomware, adding new functionalities (specifically then: EternalBlue) and techniques with each run. 
Then, it appeared the group halted operations on at least the ransomware front for several months.<\/p>\n<p>However, as it turns out, the group has been working on new ransomware &#8211; <strong>5ss5c<\/strong> &#8211; since at least November 2019.<\/p>\n<p>The following tweet got my attention:<\/p>\n<blockquote class=\"twitter-tweet\"><p> \u2014 onion (@jishuzhain) <a href=\"https:\/\/twitter.com\/jishuzhain\/status\/1216368394485800961?ref_src=twsrc%5Etfw\">January 12, 2020<\/a><\/p><\/blockquote>\n<p>After some quick checks, it appears this is a downloader for the 5ss5c ransomware, which is extremely reminiscent of how Satan ransomware operated:<\/p>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-R8iszii_PsM\/XhuVHj70D_I\/AAAAAAAACSQ\/M8n7CBNaJK0Veos1vwHaryu9j5BYNXKOACLcBGAsYHQ\/s1600\/iron0.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"357\" data-original-width=\"760\" height=\"187\" src=\"https:\/\/1.bp.blogspot.com\/-R8iszii_PsM\/XhuVHj70D_I\/AAAAAAAACSQ\/M8n7CBNaJK0Veos1vwHaryu9j5BYNXKOACLcBGAsYHQ\/s400\/iron0.PNG\" width=\"400\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 1 &#8211; 5ss5c downloader<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"goog_1999818430\"><\/span><span id=\"goog_1999818431\"><\/span><\/p>\n<p>The malware will leverage certutil and even contains logging:<\/p>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-N8z368OK-II\/XhuWMIXpdeI\/AAAAAAAACSc\/HgmxxJWb5m017agvWacwCki_180ukg45gCLcBGAsYHQ\/s1600\/iron4.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"116\" data-original-width=\"430\" height=\"107\" src=\"https:\/\/1.bp.blogspot.com\/-N8z368OK-II\/XhuWMIXpdeI\/AAAAAAAACSc\/HgmxxJWb5m017agvWacwCki_180ukg45gCLcBGAsYHQ\/s400\/iron4.PNG\" 
width=\"400\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 2 &#8211; certutil logging<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>It will download and leverage:<\/p>\n<ul>\n<li>Spreader (EternalBlue and hardcoded credentials);<\/li>\n<li>Mimikatz and what appears another password dumper\/stealer;<\/li>\n<li>The actual ransomware.<\/li>\n<\/ul>\n<div>The following hashes are relevant to this new variant:<\/p>\n<p><strong>Name<\/strong>: down.txt<br \/><strong>URL<\/strong>:&nbsp;http:\/\/58.221.158[.]90:88\/car\/down.txt<br \/><strong>Purpose<\/strong>: Downloader<br \/><strong>MD5<\/strong>: 680d9c8bb70e38d3727753430c655699<br \/><strong>SHA1<\/strong>: 5e72192360bbe436a3f4048717320409fb1a8009<br \/><strong>SHA256<\/strong>: ddfd1d60ffea333a1565b0707a7adca601dafdd7ec29c61d622732117416545f<br \/><strong>Compilation timestamp<\/strong>: 2020-01-11 19:04:24<br \/><strong>VirusTotal report<\/strong>:<br \/><a href=\"https:\/\/www.virustotal.com\/gui\/file\/ddfd1d60ffea333a1565b0707a7adca601dafdd7ec29c61d622732117416545f\/summary\" target=\"_blank\" rel=\"noopener noreferrer\">ddfd1d60ffea333a1565b0707a7adca601dafdd7ec29c61d622732117416545f<\/a><\/p>\n<p><strong>down.txt<\/strong>&nbsp;is, as mentioned, the downloader for the spreader module and for the actual ransomware:<\/p>\n<p><strong>Name<\/strong>: c.dat<br \/><strong>URL<\/strong>:&nbsp;http:\/\/58.221.158[.]90:88\/car\/c.dat<br \/><strong>Purpose<\/strong>: spreader<br \/><strong>MD5<\/strong>: 01a9b1f9a9db526a54a64e39a605dd30<br \/><strong>SHA1<\/strong>: a436e3f5a9ee5e88671823b43fa77ed871c1475b<br \/><strong>SHA256<\/strong>: 9a1365c42f4aca3e9c1c5dcf38b967b73ab56e4af0b4a4380af7e2bf185478bc<br \/><strong>Compilation timestamp<\/strong>: 2020-01-11 19:19:54<br \/><strong>VirusTotal report<\/strong>:<br \/><a href=\"https:\/\/www.virustotal.com\/gui\/file\/9a1365c42f4aca3e9c1c5dcf38b967b73ab56e4af0b4a4380af7e2bf185478bc\/details\" target=\"_blank\" rel=\"noopener 
noreferrer\">9a1365c42f4aca3e9c1c5dcf38b967b73ab56e4af0b4a4380af7e2bf185478bc<\/a><\/p>\n<p><strong>Name<\/strong>: cpt.dat<br \/><strong>URL<\/strong>:&nbsp;http:\/\/58.221.158[.]90:88\/car\/cpt.dat<br \/><strong>Purpose<\/strong>: ransomware<br \/><strong>MD5<\/strong>: 853358339279b590fb1c40c3dc0cdb72<br \/><strong>SHA1<\/strong>: 84825801eac21a8d6eb060ddd8a0cd902dcead25<br \/><strong>SHA256<\/strong>: ca154fa6ff0d1ebc786b4ea89cefae022e05497d095c2391331f24113aa31e3c<br \/><strong>Compilation timestamp<\/strong>: 2020-01-11 19:54:25<br \/><strong>VirusTotal report<\/strong>:<br \/><a href=\"https:\/\/www.virustotal.com\/gui\/file\/ca154fa6ff0d1ebc786b4ea89cefae022e05497d095c2391331f24113aa31e3c\/details\" target=\"_blank\" rel=\"noopener noreferrer\">ca154fa6ff0d1ebc786b4ea89cefae022e05497d095c2391331f24113aa31e3c<\/a><br \/><strong>Fun fact<\/strong>: file version information contains &#8220;<strong>TODO: 5SS5C Encoder<\/strong>&#8220;.<\/p>\n<p>The compilation times are sequential, which makes sense &#8211; the downloader has been developed (and compiled) first, then the spreader and the actual ransomware.<\/p>\n<p>Further indicators, such as hashes, URLs, file paths and so on will be posted at the end of this blog post.<\/p>\n<\/div>\n<div><span><strong>5ss5c &#8211; still in development &#8211; and with oddities<\/strong><\/span><\/div>\n<div>There&#8217;s quite some curiosities that indicate 5ss5c is still in active development and stems from Satan ransomware, for example:<\/div>\n<div>\n<ul>\n<li>There are several logs created, e.g. 
there is a file &#8220;<em>C:\\Program Files\\Common Files\\System\\Scanlog<\/em>&#8221; that simply logs whether IPC SMB is open\/available;<\/li>\n<li>Certutil logging (successful download or not);<\/li>\n<li>There are several Satan ransomware artefacts;<\/li>\n<li>Other Tactics, Techniques and Procedures (TTP) align with both Satan (and DBGer), and slightly overlap with Iron:&nbsp;<\/li>\n<li>\n<ul>\n<li>One of these is, for example, the use of multiple packers to protect their droppers and payloads.&nbsp;<\/li>\n<li>This time however, they decided to use both MPRESS and Enigma, and even Enigma VirtualBox! (Note: Enigma and Enigma VirtualBox are not the same &#8211; the latter is a <u>virtualised<\/u> packer and also referred to as EnigmaVM.)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<div>However, there are quite some curiosities, one of them being what appear to be hardcoded credentials:<\/div>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-8QkMhsYOnUg\/XhubeA08-iI\/AAAAAAAACSo\/KJgfA_JcyzggNVN2pk05W-2TnYaImrFCACLcBGAsYHQ\/s1600\/db.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"407\" data-original-width=\"422\" height=\"308\" src=\"https:\/\/1.bp.blogspot.com\/-8QkMhsYOnUg\/XhubeA08-iI\/AAAAAAAACSo\/KJgfA_JcyzggNVN2pk05W-2TnYaImrFCACLcBGAsYHQ\/s320\/db.PNG\" width=\"320\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 3 &#8211; Hardcoded creds<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div>These hardcoded credentials will be leveraged in an attempt to connect to an SQL database with the <strong>xp_cmdshell<\/strong> command:<\/div>\n<div>Curiously, we can identify the following data inside the ransomware in regards to the SQL database:<\/div>\n<div>\n<div>\n<ul>\n<li>ecology.url<\/li>\n<li>ecology.password<\/li>\n<li>ecology.user<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div>Searching a bit further, we can discover a 
company named Finereport (<a href=\"https:\/\/www.finereport.com\/en\/company\">https:\/\/www.finereport.com\/en\/company<\/a>), which claims to be &#8220;<em>Top 1 in China\u2019s BI market share in IDC &#8220;China BI Software Tracker, 2018<\/em>&#8221;. You guessed it &#8211; it uses SQL as its database.<\/div>\n<div>What else is new is, as mentioned before, the use of Enigma VirtualBox for packing an additional spreader module, aptly named <strong>poc.exe<\/strong>. This suggests they may be experimenting (<strong>poc<\/strong>&nbsp;is often an acronym for <strong>p<\/strong>roof <strong>o<\/strong>f <strong>c<\/strong>oncept).<\/p>\n<p>This file will be dropped to&nbsp;<strong>C:\\ProgramData\\poc.exe<\/strong>&nbsp;and will run the following command:<\/p>\n<blockquote class=\"tr_bq\">\n<p><em>cd \/D C:\\ProgramData&amp;star.exe --OutConfig a --TargetPort 445 --Protocol SMB --Architecture x64 --Function RunDLL --DllPayload C:\\ProgramData\\down64.dll --TargetIp&nbsp;<\/em><\/p>\n<\/blockquote>\n<p>Now compare this to Satan ransomware&#8217;s command:<\/p>\n<blockquote class=\"tr_bq\">\n<p><em>cmd \/c cd \/D C:\\Users\\Alluse~1\\&amp;blue.exe --TargetIp &amp; star.exe --OutConfig a --TargetPort 445 --Protocol SMB --Architecture x64 --Function RunDLL --DllPayload down64.dll --TargetIp&nbsp;<\/em><\/p>\n<\/blockquote>\n<p>Something looks similar here&#8230; \ud83d\ude42<\/p>\n<p><strong>5ss5c ransomware &#8211; how it operates<\/strong><br \/><strong><br \/><\/strong><\/p>\n<\/div>\n<div>Back to the actual ransomware.
It will create the following mutexes:<\/div>\n<div>\n<ul>\n<li><strong>SSSS_Scan<\/strong>; and,<\/li>\n<li>&nbsp;<strong>5ss5c_CRYPT<\/strong>.<\/li>\n<\/ul>\n<\/div>\n<div>Just like its predecessor, 5ss5c also has an exclusion list, where it will not encrypt specific files as well as files in the following folders:<\/p>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-OeBoVBRGB2Y\/Xh41IIQHJTI\/AAAAAAAACS4\/Tl9K9cmfHRQuDaiZI-LpguG0mNizQtCCQCLcBGAsYHQ\/s1600\/excl.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"674\" data-original-width=\"798\" height=\"270\" src=\"https:\/\/1.bp.blogspot.com\/-OeBoVBRGB2Y\/Xh41IIQHJTI\/AAAAAAAACS4\/Tl9K9cmfHRQuDaiZI-LpguG0mNizQtCCQCLcBGAsYHQ\/s320\/excl.PNG\" width=\"320\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 4 &#8211; Exclusion list<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/div>\n<p>For example, the following folders belonging to Qihoo 360 (an internet security company based in China also offering antivirus) were already excluded in Satan and DBGer ransomware:<\/p>\n<ul>\n<li>360rec<\/li>\n<li>360sec<\/li>\n<li>360sand<\/li>\n<\/ul>\n<p>While these are new in 5ss5c ransomware:<\/p>\n<ul>\n<li>360downloads<\/li>\n<li>360safe<\/li>\n<\/ul>\n<p>As in previous iterations, 5ss5c ransomware will stop database-related services and processes.<\/p>\n<p>It will however only encrypt files with the following extensions:<\/p>\n<blockquote class=\"tr_bq\">\n<p><em>7z, bak, cer, csv, db, dbf, dmp, docx, eps, ldf, mdb, mdf, myd, myi, ora, pdf, pem, pfx, ppt, pptx, psd, rar, rtf, sql, tar, txt, vdi, vmdk, vmx, xls, xlsx, zip<\/em><\/p>\n<\/blockquote>\n<p>This extension list is not like before, and includes mostly documents, archives, database files and VMware-related extensions such as <em>vmdk<\/em>.<\/p>\n<p>The ransomware will then create the following URI structure to communicate 
with the C2 server (<em>61.186.243[.]2<\/em>):<\/p>\n<ul>\n<li>\/api\/data.php?code=<\/li>\n<li>&amp;file=<\/li>\n<li>&amp;size=<\/li>\n<li>&amp;status=<\/li>\n<li>&amp;keyhash=off<\/li>\n<\/ul>\n<div>It will also create a ransomware note on the <strong>C:\\<\/strong> drive as:&nbsp;<strong>_\u5982\u4f55\u89e3\u5bc6\u6211\u7684\u6587\u4ef6_.txt<\/strong> which translates to&nbsp;<strong>_How to decrypt my file_.txt<\/strong>. Example content is as follows:<\/div>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/1.bp.blogspot.com\/-T0B4txHlNHs\/Xh4-raVFVtI\/AAAAAAAACTE\/R-YoW8QHFLsuD140AF9vD-_rOifULExUgCLcBGAsYHQ\/s1600\/note.PNG\" imageanchor=\"1\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" data-original-height=\"862\" data-original-width=\"1291\" height=\"213\" src=\"https:\/\/1.bp.blogspot.com\/-T0B4txHlNHs\/Xh4-raVFVtI\/AAAAAAAACTE\/R-YoW8QHFLsuD140AF9vD-_rOifULExUgCLcBGAsYHQ\/s320\/note.PNG\" width=\"320\"><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\">Figure 5 &#8211; ransom note<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div>The content reads:<\/div>\n<p><\/p>\n<blockquote>\n<p><em>\u90e8\u5206\u6587\u4ef6\u5df2\u7ecf\u88ab\u52a0\u5bc6<br \/>\u5982\u679c\u4f60\u60f3\u627e\u56de\u52a0\u5bc6\u6587\u4ef6,\u53d1\u9001 (1) \u4e2a\u6bd4\u7279\u5e01\u5230\u6211\u7684\u94b1\u5305<br \/>\u4ece\u52a0\u5bc6\u5f00\u59cb48\u5c0f\u65f6\u4e4b\u5185\u6ca1\u6709\u5b8c\u6210\u652f\u4ed8,\u89e3\u5bc6\u7684\u91d1\u989d\u4f1a\u53d1\u751f\u7ffb\u500d.<br \/>\u5982\u679c\u6709\u5176\u4ed6\u95ee\u9898,\u53ef\u4ee5\u901a\u8fc7\u90ae\u4ef6\u8054\u7cfb\u6211<\/em><\/p>\n<p>\u60a8\u7684\u89e3\u5bc6\u51ed\u8bc1\u662f :<\/p>\n<p>Email:[5ss5c@mail.ru]<\/p>\n<\/blockquote>\n<div>Translated:<\/div>\n<div>\n<blockquote>\n<p><em>Some files have been encrypted<br \/>If you want to retrieve the encrypted file, send (1) Bitcoins to my wallet<br \/>If payment is not completed within 48 hours from the start of encryption, 
the amount of decryption will double.<br \/>If you have other questions, you can contact me by email<br \/>Your decryption credentials are:<\/em><\/p>\n<p>Email: [5ss5c@mail.ru]<\/p>\n<\/blockquote>\n<p>Interestingly, the ransomware note does not contain a Bitcoin address. Additionally, the note only contains instructions in Chinese, not Korean nor English like previous iterations. Is&nbsp;5ss5c ransomware more targeted, or just actively being tested by the group\/developers behind it?<\/p>\n<p>Encrypted files will have the actor&#8217;s email address prepended and a unique token with the ransomware&#8217;s name will be appended, for example;<br \/><em>test.txt<\/em>&nbsp;becomes <em>[5ss5c@mail.ru]test.txt.Y54GUHKIG1T2ZLN76II9F3BBQV7MK4UOGSQUND7U.5ss5c<\/em>.<\/p>\n<div><strong><span>Prevention<\/span><\/strong><\/div>\n<div>\n<ul>\n<li>Enable UAC;<\/li>\n<li>Enable Windows Update, and install updates (especially verify if&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/security-updates\/securitybulletins\/2017\/ms17-010\" target=\"_blank\" rel=\"noopener noreferrer\">MS17-010<\/a>&nbsp;is installed);<\/li>\n<li>Install an antivirus, and keep it up-to-date and running;<\/li>\n<li>Install a firewall, or enable the Windows Firewall;<\/li>\n<li>Restrict, where possible, access to shares (ACLs);<\/li>\n<li>Create backups! (and test them)<\/li>\n<\/ul>\n<div>More ransomware prevention can be found&nbsp;<a href=\"https:\/\/bartblaze.blogspot.co.uk\/p\/ransomware-prevention.html\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/div>\n<\/div>\n<p><strong><span>Conclusion<\/span><\/strong><br \/><strong><br \/><\/strong> Satan is dead, long live 5ss5c! It just doesn&#8217;t sound as good, does it?<\/p>\n<p>Whoever&#8217;s behind the development of Satan, DBGer, Lucky and likely Iron ransomware, is back in business with the 5ss5c ransomware, and it appears to be in active development &#8211; and is trying to increase (or perhaps focus?) 
its targeting and spread of the ransomware.<\/p>\n<p>It is recommended organisations detect and\/or search for the indicators of compromise (IOCs) below, and have proper prevention controls in place. MITRE ATT&amp;CK IDs can also be found below.<\/p>\n<div><strong>Indicators of Compromise<\/strong>:<\/p>\n<table class=\"tableizer-table\">\n<thead>\n<tr class=\"tableizer-firstrow\">\n<th>Type Indicator<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>File C:\\Program Files\\Common Files\\System\\Scanlog<\/td>\n<\/tr>\n<tr>\n<td>File C:\\Program Files\\Common Files\\System\\cpt.exe<\/td>\n<\/tr>\n<tr>\n<td>File C:\\Program Files\\Common Files\\System\\tmp<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\5ss5c_token<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\blue.exe<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\blue.fb<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\blue.xml<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\down64.dll<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\mmkt.exe<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\poc.exe<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\star.exe<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\star.fb<\/td>\n<\/tr>\n<tr>\n<td>File C:\\ProgramData\\star.xml<\/td>\n<\/tr>\n<tr>\n<td>Registry key SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\5ss5cStart<\/td>\n<\/tr>\n<tr>\n<td>Command C:\\Windows\\system32\\cmd.exe \/c cd \/D C:\\ProgramData&amp;blue.exe --TargetIp<\/td>\n<\/tr>\n<tr>\n<td>Command star.exe --OutConfig a --TargetPort 445 --Protocol SMB --Architecture x64 --Function RunDLL --DllPayload C:\\ProgramData\\down64.dll --TargetIp<\/td>\n<\/tr>\n<tr>\n<td>Mutex SSSS_Scan<\/td>\n<\/tr>\n<tr>\n<td>Mutex 5ss5c_CRYPT<\/td>\n<\/tr>\n<tr>\n<td>Email 5ss5c@mail.ru<\/td>\n<\/tr>\n<tr>\n<td>URL http:\/\/58.221.158.90:88\/car\/down.txt<\/td>\n<\/tr>\n<tr>\n<td>URL http:\/\/58.221.158.90:88\/car\/c.dat<\/td>\n<\/tr>\n<tr>\n<td>URL
http:\/\/58.221.158.90:88\/car\/cpt.dat<\/td>\n<\/tr>\n<tr>\n<td>IP 58.221.158.90<\/td>\n<\/tr>\n<tr>\n<td>IP 61.186.243.2<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>These indicators are also available on AlienVault OTX:<br \/><a href=\"https:\/\/otx.alienvault.com\/pulse\/5e1e45cddcc6457fa4ce6c5a\" target=\"_blank\" rel=\"noopener noreferrer\">Satan ransomware rebrands as 5ss5c
ransomware<\/a><\/p>\n<p><strong>MITRE ATT&amp;CK techniques<\/strong><\/p>\n<\/p><\/div>\n<\/div>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30845\/Satan-Ransomware-Rebrands-As-5ss5c-Ransomware.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":32790,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[1489],"class_list":["post-32789","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarecybercrimefraudcryptography"]}
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/32789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=32789"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/32789\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/32790"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=32789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=32789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=32789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}