{"id":34965,"date":"2020-05-13T21:35:00","date_gmt":"2020-05-13T21:35:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/new-cyber-espionage-framework-dubbed-ramsay\/d\/d-id\/1337818"},"modified":"2020-05-13T21:35:00","modified_gmt":"2020-05-13T21:35:00","slug":"new-cyber-espionage-framework-dubbed-ramsay","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/","title":{"rendered":"New Cyber-Espionage Framework Dubbed Ramsay"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.<\/span> <\/p>\n<p class>Researchers have found a new cyber-espionage framework developed to collect and exfiltrate sensitive files from air-gapped networks not connected to the Internet. This framework, named Ramsay, has gone through several iterations as its developers test new approaches to attack.<\/p>\n<p>The research team with cybersecurity firm ESET discovered its first Ramsay component earlier this year when a file uploaded to VirusTotal caught its attention, says Alexis Dorais-Joncas, head of ESET&#8217;s Montreal-based research team. The researchers don&#8217;t know precisely how long Ramsay has been active; however, they don&#8217;t believe the framework was used in the wild before late 2019.<\/p>\n<p>This initial sample was uploaded from Japan and led the research team to find more versions and components of Ramsay. The team also found &#8220;substantial evidence&#8221; indicating the framework was still undergoing development, with its operators still fine-tuning Ramsay&#8217;s delivery vectors.<\/p>\n<p>ESET telemetry shows Ramsay only has a small pool of victims. This reinforces the team&#8217;s belief that the framework is still in development; however, the low visibility of victims could also be attributed to the discovery that Ramsay&#8217;s targeted systems are in air-gapped networks not connected to the Internet. So far, it&#8217;s clear Ramsay is a new form of malware; it&#8217;s unclear who is behind it.<\/p>\n<p>&#8220;We tried connecting Ramsay to existing groups\/threat actors, but nothing emerged despite our best efforts,&#8221; Dorais-Joncas explains. &#8220;We know Ramsay is a new malware, but we don&#8217;t know if it is the work of an existing group that created a new tool or of a brand-new group.&#8221;<\/p>\n<p>The team has not been able to confirm any relevant details on Ramsay&#8217;s targets or victims from a geolocation or industry point of view, he continues, noting the VirusTotal upload doesn&#8217;t offer more exact information. &#8220;The fact that this framework was never documented and attributed to a known actor makes it even harder to determine the actual targets,&#8221; he says. Publication of these findings could draw attention to the threat and help researchers unearth additional intel.<\/p>\n<p>Ramsay&#8217;s intent is espionage, Dorais-Joncas explains. The fact that it&#8217;s designed to operate without Internet connectivity indicates it is built to be used in highly restricted environments, or air-gapped systems, which typically protect high-value information. The framework is built to run for a long period of time, during which it monitors removable drives and network shares for new documents to steal until an exfiltration happens, he says.<\/p>\n<p>&#8220;The level of detail and complexity implemented in various parts of Ramsay is very high,&#8221; Dorais-Joncas adds. &#8220;The way stolen files get stored together in a covert, distributed way on the file system until the exfiltration occurs is a good example of that.&#8221;<\/p>\n<p><strong>Inside Ramsay&#8217;s Capabilities and Attack Vectors<\/strong><br \/>Researchers found three versions of Ramsay, all of which contain the same core capabilities but have different levels of complexity and sophistication. All iterations of the framework are built to collect Word documents and control using a file-based protocol.<\/p>\n<p>Ramsay&#8217;s primary goal is to collect all existing Microsoft Word documents on a target filesystem. Word documents are first collected and stored in a preliminary collection directory, the location of which depends on Ramsay version. &#8220;Depending on the Ramsay version, file collection won&#8217;t be restricted to the local system drive, but also will search additional drives such as network or removable drives,&#8221; ESET researchers explain in a <a href=\"https:\/\/www.welivesecurity.com\/2020\/05\/13\/ramsay-cyberespionage-toolkit-airgapped-networks\/\" target=\"_blank\" rel=\"noopener noreferrer\">writeup<\/a> of their findings.&nbsp;<\/p>\n<p>Unlike most malware, Ramsay does not have a network-based command-and-control communication protocol, nor does it try to connect to a remote host for communications. It scans all network shares and removable drives for potential control files. First, it looks for Word documents; in more recent iterations, Ramsay also looks for PDF files and ZIP archives.<\/p>\n<p>In their blog post, researchers note there is a correlation between the target drives that Ramsay scans for propagation and control document retrieval. &#8220;This assesses the relationship between Ramsay&#8217;s spreading and control capabilities showing how Ramsay&#8217;s operators leverage the framework for lateral movement, denoting the likelihood that this framework has been designed to operate within air-gapped networks,&#8221; they explain.<\/p>\n<p>The differences between the iterations of Ramsay are subtle; however, Dorais-Joncas notes there is greater refinement of its persistence techniques along with using more components, such as a rootkit, in version 2. There are two instances of version 2, one of which (2.a) contains a spreader and is disguised as a benign Trojanized application. The other (2.b) uses a malicious file to drop Ramsay&#8217;s agent, and there is no spreader involved.&nbsp;<\/p>\n<p>&#8220;We interpret this as threat actors behind this framework may be maintaining various versions of Ramsay tailored for specific victims and attack scenarios,&#8221; he explains.&nbsp;<\/p>\n<p>Ramsay developers in charge of attack vectors seem to be trying different techniques, researchers found, such as old exploits for Windows flaws from 2017, as well as deployment of malicious applications delivered via spearphishing emails. This is another indication that operators have a prior understanding of victims&#8217; environments and choose attack vectors accordingly.<\/p>\n<p><strong>Related Content:<\/strong><\/p>\n<div><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg\" alt width=\"450\" height=\"70\"><\/div>\n<div><em><strong><strong>Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that &#8220;really&nbsp;<\/strong><strong>&nbsp;bad day&#8221; in cybersecurity. Click for<\/strong><strong>&nbsp;<a href=\"https:\/\/events.darkreading.com\/virtualsummit\/\" target=\"_blank\" rel=\"noopener noreferrer\">more information and to register<\/a>.&nbsp;<\/strong><\/strong><\/em><\/div>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span> <\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-cyber-espionage-framework-dubbed-ramsay\/d\/d-id\/1337818?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/new-cyber-espionage-framework-dubbed-ramsay\/d\/d-id\/1337818?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-34965","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Cyber-Espionage Framework Dubbed Ramsay 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Cyber-Espionage Framework Dubbed Ramsay 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-13T21:35:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Cyber-Espionage Framework Dubbed Ramsay\",\"datePublished\":\"2020-05-13T21:35:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/\"},\"wordCount\":941,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/\",\"name\":\"New Cyber-Espionage Framework Dubbed Ramsay 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"datePublished\":\"2020-05-13T21:35:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-cyber-espionage-framework-dubbed-ramsay\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Cyber-Espionage Framework Dubbed Ramsay\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Cyber-Espionage Framework Dubbed Ramsay 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/","og_locale":"en_US","og_type":"article","og_title":"New Cyber-Espionage Framework Dubbed Ramsay 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-05-13T21:35:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Cyber-Espionage Framework Dubbed Ramsay","datePublished":"2020-05-13T21:35:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/"},"wordCount":941,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/","url":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/","name":"New Cyber-Espionage Framework Dubbed Ramsay 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","datePublished":"2020-05-13T21:35:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-cyber-espionage-framework-dubbed-ramsay\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"New Cyber-Espionage Framework Dubbed Ramsay"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34965"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34965\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}