{"id":44341,"date":"2021-12-09T00:00:00","date_gmt":"2021-12-09T00:00:00","guid":{"rendered":"urn:uuid:f5c98506-269f-4359-1a87-bb1040838eb8"},"modified":"2021-12-09T00:00:00","modified_gmt":"2021-12-09T00:00:00","slug":"the-evolution-of-iot-linux-malware-based-on-mitre-attck-ttps","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-evolution-of-iot-linux-malware-based-on-mitre-attck-ttps\/","title":{"rendered":"The Evolution of IoT Linux Malware Based on MITRE ATT&amp;CK TTPs"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/l\/the-evolution-of-iot-linux-malware-based-on-mitre-att-ck-ttps\/the%20evolution%20of%20IoT%20linux%20malware%20based%20on%20mitre%20attack%20ttps.jpg\"><\/p>\n<p><span class=\"body-subhead-title\">New IoT botnet techniques<\/span><\/p>\n<p>During the observation period, we noted four new techniques added to threat actors\u2019 arsenals. One is a newly implemented technique in botnet families called <i>Masquerading: Match Legitimate Name or Location (T1036.005)<\/i>. It is a Defense Evasion technique that likely reflects the manufacturers\u2019 increasing interest and efforts in securing these IoT devices or appliances. 
The technique involves adversaries trying to match the name and location of legitimate and trusted programs to hide malicious executables and evade detection.<\/p>\n<p>Another new technique, which diverges from the technique more commonly used in IoT Linux malware, <i>Indicator Removal on Host: File Deletion (T1070.004)<\/i>, is <i>File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification (T1222.002)<\/i>, introduced in malware discovered in mid-2020. We observed these additions especially in the <a href=\"https:\/\/thehackernews.com\/2020\/04\/darknexus-iot-ddos-botnet.html\" target=\"_blank\" rel=\"noopener\">Dark Nexus<\/a> malware. Most platforms provide two primary commands for manipulating file and directory ACLs:&nbsp;chown&nbsp;(change owner) and&nbsp;chmod&nbsp;(change mode).<\/p>\n<p>Furthermore, among the families discovered in 2021 is a variant of <a href=\"https:\/\/blog.malwarebytes.com\/botnets\/2021\/08\/check-your-passwords-synology-nas-devices-under-attack-from-stealthworker\/\" target=\"_blank\" rel=\"noopener\">StealthWorker GO<\/a>, malware written in the Golang language, in which we observed the addition of the <i>Scheduled Task\/Job: Cron (T1053.003)<\/i> technique. This is an execution technique that also allows malware to achieve persistence in the system. The cron utility maintains persistence in the system by enabling an attacker to achieve time-based command execution.<\/p>\n<p><span class=\"body-subhead-title\">Dropped techniques<\/span><\/p>\n<p>On the other hand, we found three techniques relating to the lateral movement tactic to have been dropped. We observed a trend in recently discovered families that gives the responsibility for propagation back to the C&amp;C server. In the Dark Nexus family, for example, we found that it is the C&amp;C server that takes steps to propagate the malware. 
Our analysis highlighted the drop of two techniques linked to the Lateral Movement tactic: <i>Remote Services (T1021)<\/i> and <i>Exploitation of Remote Services (T1210)<\/i>. In relation to this, the technique for the discovery of network information, <i>System Network Configuration Discovery (T1016)<\/i>, is also no longer implemented.<\/p>\n<p><span class=\"body-subhead-title\">Uncommon techniques<\/span><\/p>\n<p>Additionally, we noticed that IoT Linux malware authors are not interested in stealing data. In our data set, only one malware (<a href=\"https:\/\/www.zdnet.com\/article\/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware\/\" target=\"_blank\" rel=\"noopener\">QSnatch<\/a>) implements typical tactics for data leakage, such as collection and exfiltration. Moreover, we also found that privilege escalation is not among the interests of IoT malware authors. This is likely because, from a malware author\u2019s standpoint, the benefits of executing malware that requires higher privileges are not worth the effort of implementation. Furthermore, the default accounts on targeted devices usually already come with all the privileges needed to run programs, write to the filesystem, and establish new connections.<\/p>\n<p><span class=\"body-subhead-title\">Differences between ransomware and botnet malware<\/span><\/p>\n<p>The characterization through the ATT&amp;CK matrix also allowed us to compare the different malware classes that target IoT devices, which in our data set are ransomware and botnet families.<\/p>\n<p>The findings highlight some common techniques. Under the Credential Access tactic, <i>Brute Force: Password Guessing (T1110.001)<\/i> is the most common technique that both malware classes fall under. This finding is not a surprise since it is common to find default usernames and passwords still being used in these kinds of devices. 
Usually, users are not aware of the risks of exposing IoT devices to the internet. Indeed, many devices are still installed without changing the default credentials or securing remote access.<\/p>\n<p>Another common capability for both classes is <i>External Remote Services (T1133)<\/i> from the Initial Access tactic, which confirms the exposure of unsecured internet services, such as Telnet and SSH. This technique allows attackers to exploit external-facing remote services to initially access and\/or persist within a network; they also often use exposed services that do not require authentication.<\/p>\n<p>Another similarity is in the two classes\u2019 Command and Control implementation, as both implement <i>Application Layer Protocol: Web Protocols (T1071.001)<\/i>. This is likely because the market for malware-as-a-service is growing. Thus, having a simple UI that the \u201ccustomers\u201d or other threat actors can use to control the malware is an important aspect.<\/p>\n<p>By comparing the number of unique TTPs implemented, we studied the implementation variations among different malware families and noticed that while different ransomware families share many common techniques, botnets tend to innovate more and implement a variety of different TTPs to exploit many services. This may be because detection of botnet malware is more mature, so botnets require more frequent changes to avoid being easily detected. These differences are illustrated in Figure 2.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/l\/the-evolution-of-iot-linux-malware-based-on-mitre-att&#038;ck-ttps.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In our study, we relied on the tactics, techniques, and procedures of MITRE ATT&#038;CK to define the malware capabilities and characteristics of IoT Linux malware. We describe our findings and how IoT malware has been evolving. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":44342,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9511,9514,9509],"class_list":["post-44341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-iot","tag-trend-micro-research-research"]}