{"id":49021,"date":"2022-10-25T17:10:05","date_gmt":"2022-10-25T17:10:05","guid":{"rendered":"https:\/\/www.darkreading.com\/risk\/threat-groups-repurpose-banking-trojans-backdoors"},"modified":"2022-10-25T17:10:05","modified_gmt":"2022-10-25T17:10:05","slug":"threat-groups-repurpose-banking-trojans-into-backdoors","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/","title":{"rendered":"Threat Groups Repurpose Banking Trojans into Backdoors"},"content":{"rendered":"
<\/div>\n

Threat groups continue to recycle code from older tools into more generalized frameworks, a trend that will continue as the codebases incorporate more modularity, security experts said this week.<\/p>\n

In the latest example, the threat group behind Ursnif \u2014 aka Gozi \u2014 recently moved the tool away from a focus on financial services to more general backdoor capabilities, cybersecurity services firm Mandiant stated in an analysis. The new variant, which the company has dubbed LDR4, is likely intended to facilitate the spread of ransomware and the theft of data for extortion.<\/p>\n

The modular malware joins Trickbot<\/a>, Emotet<\/a>, Qakbot<\/a>, IcedID<\/a>, and Gootkit<\/a>, among others, as tools that started as banking Trojans but have been repurposed as backdoors, without requiring the development effort of creating an entirely new codebase, says Jeremy Kennelly, senior manager for financial crime analysis at Mandiant.<\/p>\n

“The developers working on banking Trojans have taken multiple approaches to retooling their malware as a backdoor to support intrusion operations, though a major code rewrite hasn\u2019t generally been deemed necessary,” he says. “These malware families \u2014 at their core \u2014 are just modular backdoors that have historically loaded secondary components enabling ‘banker’ functionality.”<\/p>\n

Mandiant’s analysis of Ursnif points out that maintaining multiple codebases is a challenging task for malware developers, especially when one mistake could give defenders a way to block an attack and investigators a way to hunt down the attacker. Maintaining a single modular codebase is much more scalable, the company’s analysis this week stated<\/a>.<\/p>\n

A Malware Movement Toward Backdoor Modularity<\/h2>\n

It’s unsurprising that malware developers are moving to more general and modular code, says Max Gannon, a senior intelligence analyst at Cofense.<\/p>\n

“In some cases, a purpose-built remote access Trojan (RAT), traditionally viewed as a backdoor, may be more conducive to the threat activity,” he says. “However, a lot of threat actors want more than just a backdoor, and many commodity malware families have morphed to become multipurpose tools that simply include backdoor access.”<\/p>\n

The specialization of tools in the cybercriminal underground is also a reason why older codebases are being repurposed. By focusing specific tools on areas of attack \u2014 such as initial access, lateral movement, or data exfiltration \u2014 the developers of these tools are able to differentiate themselves against competitors and offer a unique set of features. Using existing codebases also saves time, and making such projects modular allows the tool to be customized for the customer’s \u2014 read, “attacker’s” \u2014 needs, says Jon Clay, vice president of threat intelligence at Trend Micro.<\/p>\n

“The coders behind many of these toolkits create them and sell them within the cybercriminal underground markets, as they offer newbies and other malicious actors with a ready-made kits for executing attacks,” he says. “Many of these offer automations now as well as GUI interfaces to manage the attacks and victim information\/data.”<\/p>\n

The original Ursnif code appeared in the mid-2000s. The Zeus banking Trojan \u2014 used in thefts of tens of millions<\/a>, and likely hundreds of millions, of dollars \u2014 has had a similar trajectory<\/a>, with its adoption accelerated by a source code leak. Another banking Trojan, Emotet<\/a>, has now become a general backdoor, allowing its development group to offer access as a service to other cybercriminals, a business relationship also demonstrated by Qakbot, another Trojan initially created as a banking Trojan<\/a>.<\/p>\n

All of these programs had the benefit of modularity, says Mandiant’s Kennelly.<\/p>\n

“All bankers that have been broadly repurposed as backdoors were already modular, which has the added benefit of limiting the complexity of the core malware while providing significant operational flexibility,” he says. “These established malware families also had a proven track record and general familiarity to the actors using them.”<\/p>\n

Swiss Army Knife Malware Delivery<\/h2>\n

Rather than changes in functionality, a lot of the evolution in categorizing attackers tools has come about because labeling has had to catch up to changes in the malware design. By redesigning the codebases to be modular, defining a tool as a single thing \u2014 whether a banking Trojan, a spam bot, or a worm \u2014 becomes much more difficult. Adding a single new module would change the label for the code.<\/p>\n

In the past, for example, computer viruses spread by infecting files, while worms used automated scanning and exploitation to spread quickly and more widely. However, a number of Trojans incorporated either or both functionality, leading to a more general term: malicious software, or malware.<\/p>\n

A similar evolution has happened around the classification of attacker tools. Programs that were originally considered to be banking Trojans, RATs, or a scanning tools are now capabilities of more general frameworks, says Codefense’s Gannon.<\/p>\n

“If we think of a backdoor as software that sits on a machine to provide access that skirts normal security measures, banking Trojans inherently act as backdoors in order to perform their usual functions, so almost any banking Trojan can be used as one without the need for many changes,” he says. “The difference is often simply in the intent of the user.”<\/p>\n

How to Protect Against Modular Malware<\/h2>\n

To combat the threat, companies should have tools that look for telltale signs that a backdoor or RAT are being used inside their network. Since phishing attacks are a common way to compromise end user’s systems, multifactor authentication (MFA) and employee training can also help harden businesses against attacks.<\/p>\n

Overall, having visibility into change to systems and anomalous traffic on the network can help immensely, Trend Micro’s Clay says.<\/p>\n

“The main thing to know is that in many cases there are early signs of these tools being used within the organization and that if seen,” he says, “they should be taken very seriously that there is likely an active campaign against them.”<\/p>\n

Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.Read More HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49021","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"\nThreat Groups Repurpose Banking Trojans into Backdoors 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Groups Repurpose Banking Trojans into Backdoors 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-25T17:10:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc5567ee7536591bb\/6238e71046d8c56f3f76b78b\/backdoor_Imilian_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Threat Groups Repurpose Banking Trojans into Backdoors\",\"datePublished\":\"2022-10-25T17:10:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/\"},\"wordCount\":959,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc5567ee7536591bb\\\/6238e71046d8c56f3f76b78b\\\/backdoor_Imilian_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/\",\"name\":\"Threat Groups Repurpose Banking Trojans into Backdoors 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc5567ee7536591bb\\\/6238e71046d8c56f3f76b78b\\\/backdoor_Imilian_shutterstock.jpg\",\"datePublished\":\"2022-10-25T17:10:05+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc5567ee7536591bb\\\/6238e71046d8c56f3f76b78b\\\/backdoor_Imilian_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltc5567ee7536591bb\\\/6238e71046d8c56f3f76b78b\\\/backdoor_Imilian_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-groups-repurpose-banking-trojans-into-backdoors\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Threat Groups Repurpose Banking Trojans into Backdoors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat Groups Repurpose Banking Trojans into Backdoors 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/","og_locale":"en_US","og_type":"article","og_title":"Threat Groups Repurpose Banking Trojans into Backdoors 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-10-25T17:10:05+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc5567ee7536591bb\/6238e71046d8c56f3f76b78b\/backdoor_Imilian_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Threat Groups Repurpose Banking Trojans into Backdoors","datePublished":"2022-10-25T17:10:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/"},"wordCount":959,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc5567ee7536591bb\/6238e71046d8c56f3f76b78b\/backdoor_Imilian_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/","url":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/","name":"Threat Groups Repurpose Banking Trojans into Backdoors 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc5567ee7536591bb\/6238e71046d8c56f3f76b78b\/backdoor_Imilian_shutterstock.jpg","datePublished":"2022-10-25T17:10:05+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc5567ee7536591bb\/6238e71046d8c56f3f76b78b\/backdoor_Imilian_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltc5567ee7536591bb\/6238e71046d8c56f3f76b78b\/backdoor_Imilian_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/threat-groups-repurpose-banking-trojans-into-backdoors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Threat Groups Repurpose Banking Trojans into Backdoors"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49021"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49021\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}