{"id":35999,"date":"2020-07-09T21:35:00","date_gmt":"2020-07-09T21:35:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/up-close-with-evilnum-the-apt-group-behind-the-malware\/d\/d-id\/1338321"},"modified":"2020-07-09T21:35:00","modified_gmt":"2020-07-09T21:35:00","slug":"up-close-with-evilnum-the-apt-group-behind-the-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/","title":{"rendered":"Up Close with Evilnum, the APT Group Behind the Malware"},"content":{"rendered":"<p><span class=\"strong black\">The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.<\/span><\/p>\n<p>Researchers today published an analysis of advanced persistent threat (APT) group Evilnum, known for developing malware of the same name. A detailed look at its activity reveals an evolved toolset and infrastructure that combine custom malware with tools bought from malware-as-a-service (MaaS) providers.<\/p>\n<p>Evilnum has been around for at least two years, according to Mat\u00edas Porolli, a malware researcher at ESET, which has been tracking the malware&#8217;s operations since April. The group has historically targeted financial technology companies that offer training and investment platforms. Its attacks are few in number but very specific. This, combined with Evilnum&#8217;s use of legitimate tools in its activity, has helped the group fly mostly under the radar.<\/p>\n<p>While Evilnum&#8217;s malware has been active since 2018, little is known about how it operates. ESET began its research when one of its automated systems flagged a malicious sample for an Evilnum custom component, says Porolli. 
Analysis revealed the code was related to an earlier report; telemetry data helped connect the dots and learn more about how Evilnum functions.<\/p>\n<p>Most of the group&#8217;s targets are located in the EU and UK, though some attacks have landed in Australia and Canada. Organizations usually have offices in several locations, which could explain the group&#8217;s geographical range.<\/p>\n<p>Evilnum&#8217;s primary goal is to spy on its targets and steal financial data from businesses and their customers. Its attackers have previously stolen spreadsheets and documents with customer lists, investments, and trading operations; internal presentations; software licenses and credentials for trading software and platforms; browser cookies and session data; email credentials; credit card information; and proof of address and identity documents. The group has also obtained access to VPN configurations and other IT-related information.<\/p>\n<p>Like many threat groups, Evilnum starts with a phishing email. Messages contain a link to a ZIP file hosted in Google Drive. This archive has multiple LNK files designed to extract and execute a malicious JavaScript component while displaying a fake document. These &#8220;shortcut&#8221; files have &#8220;double extensions&#8221; to trick victims into believing they are harmless and opening them.<\/p>\n<p>These LNK files all do the same thing: When opened, a file searches its contents for lines with a specific marker and writes them to a JavaScript file. This malicious file is executed and then writes and opens a decoy file with the same name as the LNK file. Decoy files are typically photos of credit cards or identity documents&nbsp;\u2013 things a financial institution may need from customers.<\/p>\n<p>&#8220;The emails take advantage of &#8216;know your customer&#8217; regulations,&#8221; Porolli explains. 
&#8220;Most of the malicious samples that they used in spear-phishing emails pretended to be photos of identity cards, credit cards, or bills with proof of address for account verification purposes. Financial institutions are required to verify such documents to prevent illegal activities, so the malicious emails may get mixed with legitimate verification emails from real customers.&#8221;<\/p>\n<p>It&#8217;s assumed these decoy documents are legitimate and have been collected from other attacks, as Evilnum targets support representatives and account managers who receive these kinds of files. Attackers collect and reuse the documents on different businesses within the same region.&nbsp;<\/p>\n<p><strong>Building Blocks of Evilnum Infrastructure<br \/><\/strong>Evilnum runs an infrastructure with multiple command-and-control (C2) servers. One handles communications for the JavaScript component, which is the first stage of the attack and can launch other malware, such as MaaS tools or Python-based tools. Another server handles the C# component. A third server stores its tools and exfiltrated data, proxy server, and other parts.<\/p>\n<p>&#8220;This group keeps each of its malicious components independent from each other, with dedicated servers,&#8221; Porolli explains. &#8220;They don&#8217;t reuse their infrastructure from attacks documented in the past, which makes it harder for analysts to track them.&#8221;<\/p>\n<p>The group&#8217;s attackers also use backdoors \u2013 some custom, others purchased \u2013 which give them more options to maintain control over their victims and backup options in case one of their backdoors is removed. The length of time they remain on a network varies depending on the target&#8217;s security, Porolli continues, but they can try to break in again if they lose control.&nbsp;<\/p>\n<p>In some attacks, Evilnum attackers deploy tools purchased from the Golden Chickens MaaS provider. 
These shops sell malicious binaries and needed infrastructure, such as C2 servers. Golden Chickens also sells to FIN6 and Cobalt Group, Porolli says; older versions of components that Evilnum uses were seen in other groups&#8217; attacks. Researchers don&#8217;t believe these groups are the same, but they happen to share a MaaS provider. Other groups using Golden Chickens also had financial targets, and it has a strong reputation on the black market.<\/p>\n<p>While not much is known about how they use stolen data, Porolli points out their operation is profitable enough to invest in MaaS components. This model gives attackers both malware and an infrastructure that&#8217;s unlikely to be traced back to them.<\/p>\n<p>&#8220;We&#8217;ve seen this group going for redundancy and independence of their malicious components in order to persist longer in a target&#8217;s network,&#8221; he adds.<\/p>\n<p>More details about the operation can be found in Porolli&#8217;s <a href=\"https:\/\/www.welivesecurity.com\/2020\/07\/09\/more-evil-deep-look-evilnum-toolset\/\" target=\"_blank\" rel=\"noopener noreferrer\">full analysis<\/a>.<\/p>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. 
She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/up-close-with-evilnum-the-apt-group-behind-the-malware\/d\/d-id\/1338321?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/up-close-with-evilnum-the-apt-group-behind-the-malware\/d\/d-id\/1338321?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-35999","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Up Close with Evilnum, the APT Group Behind the Malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Up Close with Evilnum, the APT Group Behind the Malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-09T21:35:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Up Close with Evilnum, the APT Group Behind the Malware\",\"datePublished\":\"2020-07-09T21:35:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/\"},\"wordCount\":942,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/\",\"name\":\"Up Close with Evilnum, the APT Group Behind the Malware 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-07-09T21:35:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/up-close-with-evilnum-the-apt-group-behind-the-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Up Close with Evilnum, the APT Group Behind the Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% 
Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\
\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Up Close with Evilnum, the APT Group Behind the Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/","og_locale":"en_US","og_type":"article","og_title":"Up Close with Evilnum, the APT Group Behind the Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-07-09T21:35:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Up Close with Evilnum, the APT Group Behind the Malware","datePublished":"2020-07-09T21:35:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/"},"wordCount":942,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/","url":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/","name":"Up 
Close with Evilnum, the APT Group Behind the Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-07-09T21:35:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/up-close-with-evilnum-the-apt-group-behind-the-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Up Close with Evilnum, the APT Group Behind the Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - 
CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH 
Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35999"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35999\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}