{"id":49751,"date":"2022-12-16T00:00:00","date_gmt":"2022-12-16T00:00:00","guid":{"rendered":"urn:uuid:c747f86b-d793-f445-a0cc-cb5e6f9c4157"},"modified":"2022-12-16T00:00:00","modified_gmt":"2022-12-16T00:00:00","slug":"agenda-ransomware-uses-rust-to-target-more-vital-industries","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/","title":{"rendered":"Agenda Ransomware Uses Rust to Target More Vital Industries"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Agenda-Ransomware-Uses-Rust-to-Target-More-Vital-Industries-641.png\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"endpoints,ransomware,research,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2022-12-16\"> <meta property=\"article:tag\" content=\"ransomware\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries.html\"> <title>Agenda Ransomware Uses Rust to Target More Vital Industries<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries.html\"><br \/>\n<meta property=\"og:title\" content=\"Agenda Ransomware Uses Rust to Target More Vital Industries\"><br \/>\n<meta property=\"og:description\" content=\"This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Agenda-Ransomware-Uses-Rust-to-Target-More-Vital-Industries-641.png\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Agenda Ransomware Uses Rust to Target More Vital Industries\"><br \/>\n<meta name=\"twitter:description\" content=\"This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Agenda-Ransomware-Uses-Rust-to-Target-More-Vital-Industries-641.png\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.590610115672\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"942169756\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"12.774131274131\">\n<div class=\"article-details\" role=\"heading\" readability=\"45.200772200772\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda&#8217;s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.<\/p>\n<p class=\"article-details__author-by\">By: Nathaniel Morales, Ivan Nicole Chavez, Nathaniel Gregory Ragasa, Don Ovid Ladores, Jeffrey Francis Bonaobra, Monte de Jesus <time class=\"article-details__date\">December 16, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"40.271186440678\">\n<div readability=\"30.203389830508\">\n<p>This year, <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/ransomware-as-a-service-raas\">ransomware-as-a-service (RaaS)<\/a> groups like <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/ransomware-spotlight\/ransomware-spotlight-blackcat\">BlackCat<\/a>, <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/ransomware-spotlight\/ransomware-spotlight-hive\">Hive<\/a>, and <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/slippery-ransomexx-malware-moves-rust-virustotal\" target=\"_blank\" rel=\"noopener\">RansomExx<\/a> have developed versions of their ransomware in Rust, a cross-platform language that makes it easier to tailor malware to different operating systems like Windows and Linux. In this blog entry, we shed light on <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks.html\">Agenda<\/a> (also known as Qilin), another ransomware group that has started using this language.<\/p>\n<p>According to our observations in the past month, the Agenda ransomware\u2019s activities included posting &nbsp;<a href=\"https:\/\/twitter.com\/_bettercyber_\/status\/1578123579660664844\" target=\"_blank\" rel=\"noopener\">numerous companies&nbsp;<\/a>on its leak site. The threat actors not only claimed that they were able to breach the servers of these companies but also threatened to publish their files. The companies that the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/ransomware\">ransomware<\/a> group posts on its leak site are located in different countries and belong mostly in the manufacturing and IT industries, with a <a href=\"https:\/\/twitter.com\/ido_cohen2\/status\/1578121004764856328?s=20&amp;t=5TZ6p-bYL1hlU1wLoa0O2g\" target=\"_blank\" rel=\"noopener\">combined revenue<\/a> that surpasses US$550 million.<\/p>\n<p>Recently, we found a sample of the Agenda ransomware written in Rust language and detected as <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Ransom.Win32.AGENDA.THIAFBB\">Ransom.Win32.AGENDA.THIAFBB<\/a>. Notably, the same ransomware, originally written in Go language, was known for targeting healthcare and education sectors in countries like Thailand and Indonesia. The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. The Rust variant has also been seen using intermittent encryption, one of the emerging tactics that threat actors use today for faster encryption and detection evasion.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-1.png\" alt=\"Submission details of the binary in VirusTotal, including the submission date and region it was uploaded.\"><figcaption>Figure 1. Submission details of the binary in VirusTotal, including the submission date and region it was uploaded.<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-2.PNG\" alt=\"Strings viewed on BinText showing Rust modules\/functions used by the binary\"><figcaption>Figure 2. Strings viewed on BinText showing Rust modules\/functions used by the binary<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p><b><span class=\"body-subhead-title\">Blackbox analysis<\/span><\/b><\/p>\n<p>When executed, the Rust binary prompts the following error requiring a password to be passed as an argument. This command-line feature is similar to the Agenda ransomware binaries written in Golang.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-3.png\" alt=\"Error prompt when the sample was executed \"><figcaption>Figure 3. Error prompt when the sample was executed <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>Upon execution of the sample with \u201c\u2014password\u201d as its parameter in conjunction with a dummy password \u201cAgendaPass,\u201d the ransomware sample runs its malicious routine starting with the termination of various processes and services.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-4.png\" alt=\"Termination of applications and services \"><figcaption>Figure 4. Termination of applications and services <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>Specific to the sample we analyzed, the ransomware appends the extension &#8220;MmXReVIxLV\u201d<i> <\/i>to encrypted files. It also displays activity logs on the command prompt, including the file it has encrypted and the elapsed time.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-5.PNG\" alt=\"Examples of encrypted files\"><figcaption>Figure 5. Examples of encrypted files<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-6.PNG\" alt=\"Logs in encrypting files\"><figcaption>Figure 6. Logs in encrypting files<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>The ransomware will then proceed to drop its ransom note on every directory it encrypts. As observed in its ransom note, the password used to execute the ransomware will also be used as the password for logging in to the support chat site of the ransomware group.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-7.PNG\" alt=\"Agenda ransom note\"><figcaption>Figure 7. Agenda ransom note<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.458904109589\">\n<div class=\"responsive-table-wrap\" readability=\"16.272260273973\">\n<p><b><span class=\"body-subhead-title\">Agenda ransomware analysis<\/span><\/b><\/p>\n<p>Unlike <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/h\/new-golang-ransomware-agenda-customizes-attacks.html\">Agenda\u2019s Golang variant<\/a>, which accepts 10 arguments, its Rust variant only accepts three arguments:<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\" height=\"100%\">\n<tbody readability=\"4\">\n<tr>\n<td>Argument<\/td>\n<td>Description<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-password {string}<\/td>\n<td>Defines the password to enter landing<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>-ips<i> <\/i>{IP address}<\/td>\n<td>Allows for providing IP addresses<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>-paths {directory}<\/td>\n<td>Defines the path that parses directories; if this flag is used and left empty, all directories will be scanned&nbsp;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 1. Arguments used by the Agenda ransomware\u2019s Rust variant<\/p>\n<p>The Rust variant also contains hard-coded configuration inside its binaries like the earlier samples compiled in Golang.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-8.PNG\" alt=\"Function inside the binary containing the configuration\"><figcaption>Figure 8. Function inside the binary containing the configuration<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-9.PNG\" alt=\"Strings containing the configuration \"><figcaption>Figure 9. Strings containing the configuration <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36.5\">\n<div class=\"responsive-table-wrap\" readability=\"18\">\n<p>It also added the -n, -p, fast, skip,<i> <\/i>and step flags on its configurations, which are not present in the Golang variant configuration and only used via command-line argument. Upon further analysis, we have learned that these flags are used for intermittent encryption. This tactic enables the ransomware to encrypt the victim\u2019s files faster by partially encrypting the files depending on the values of the flags. This tactic is becoming more popular among ransomware actors as it lets them encrypt faster and avoid detections that heavily rely on read\/write file operations.<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\" height=\"100%\">\n<tbody readability=\"3\">\n<tr>\n<td>Flags<\/td>\n<td>Description<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>fast<\/td>\n<td>Encrypts the first (N*0x200000h) of the file<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>skip (N) \u2013 step (Y)<\/td>\n<td>Skip encryption for N bytes after encrypting Y bytes of the file<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>n: {N} p: {P}<\/td>\n<td>Encrypt (N*0x200000h) of the file and skips p bytes (P &#8211; percentage of the file size)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 2. Flags used for intermittent encryption<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-10.PNG\" alt=\"Flags used for intermittent encryption \"><figcaption>Figure 10. Flags used for intermittent encryption <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-11.PNG\" alt=\"Command-line arguments accepted by the Golang variant of the Agenda ransomware\"><figcaption>Figure 11. Command-line arguments accepted by the Golang variant of the Agenda ransomware<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>We tried to mimic its encryption behavior using some of the flags present on its configuration. For this simulation, we used a dummy file filled with \u201cA\u201d<i> <\/i>as its content.<\/p>\n<p>For fast<i> <\/i>mode:<\/p>\n<p>Value: 1<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-12.PNG\" alt=\"Fast flag set to 1\"><figcaption>Figure 12. Fast flag set to 1<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>Encrypted bytes: 1 * 0x200000h, where 1 is the value set in the fast flag<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-13.png\" alt=\"0x200000h bytes encrypted\"><figcaption>Figure 13. 0x200000h bytes encrypted<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\">\n<div>\n<p>For N-P<i> <\/i>mode:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-14.PNG\" alt=\"flags set to n = 1; p = 1\"><figcaption>Figure 14. flags set to n = 1; p = 1<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>Total size = 88,082,336 bytes<\/p>\n<p>Bytes encrypted = 1 * 0x200000,h where 1 is the value set in the n flag<\/p>\n<p>Bytes skipped = 880,818 bytes (1% of the whole file), where 1 is the value set in the p flag<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-15.PNG\" alt=\"0x200000h of bytes encrypted\"><figcaption>Figure 15. 0x200000h of bytes encrypted<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-16.PNG\" alt=\"880,818 bytes (equivalent to 1% of the file) encrypted\"><figcaption>Figure 16. 880,818 bytes (equivalent to 1% of the file) encrypted<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>Aside from the additional flags used for different encryption modes, the Rust variant has included AppInfo to its roster of services to terminate. It disables User Account Control (UAC), a Windows feature that helps prevent malware from executing with administrative rights, resulting in the inability to run other applications with administrative privileges.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-17.png\" alt=\"Function used to stop service using parameter 0x01 equivalent to SERVICE_CONTROL_STOP\"><figcaption>Figure 17. Function used to stop service using parameter 0x01 equivalent to SERVICE_CONTROL_STOP<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-18.png\" alt=\"Function used for disabling services using parameter 0x04 equivalent to SERVICE_DISABLED\"><figcaption>Figure 18. Function used for disabling services using parameter 0x04 equivalent to SERVICE_DISABLED<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-19.png\" alt=\"Unable to run an application with administrative rights after disabling AppInfo service\"><figcaption>Figure 19. Unable to run an application with administrative rights after disabling AppInfo service<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>The Agenda ransomware is also known to deploy customized ransomware for each victim, and we have seen that its Rust variants have an allocated space for adding accounts in their configuration to be used mostly for privilege escalation.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-20.PNG\" alt=\"Allocated accounts in the Rust variant configuration of the Agenda ransomware\"><figcaption>Figure 20. Allocated accounts in the Rust variant configuration of the Agenda ransomware<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p>The file extension to be appended on the encrypted files is hard-coded in its configuration.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-21.PNG\" alt=\"File extension to be appended\"><figcaption>Figure 21. File extension to be appended<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>Unlike the previous Golang variant, however, the threat actors did not include the credentials of the victim in the configuration of the Rust variant. This feature of the latter prevents other researchers not only from visiting the ransomware\u2019s chat support site but also accessing the threat actors\u2019 conversations when a sample becomes available externally. It also prevents unsolicited messages from other people besides the victim.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/fig-22.png\" alt=\"The Agenda ransomware chat support site\"><figcaption>Figure 22. The Agenda ransomware chat support site<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"39.71511627907\">\n<div class=\"responsive-table-wrap\" readability=\"25.496124031008\">\n<p><b><span class=\"body-subhead-title\">Conclusion<\/span><\/b><\/p>\n<p>An emerging ransomware family, Agenda has recently been targeting critical sectors such as healthcare and education industries. At present, its threat actors appear to be migrating their ransomware code to Rust as recent samples still lack some features seen in the original binaries written in the Golang variant of the ransomware. Rust language is becoming more popular among threat actors as it is more difficult to analyze and has a lower detection rate by antivirus engines.<\/p>\n<p>Threat actors continue to favor ransomware as their tool of choice for conducting their operations, reiterating the call for enterprises and organizations to rely on a multilayered solution to secure data. <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Micro Vision One\u2122<\/a> provides visibility, correlated detection, and behavior monitoring across multiple layers: email, endpoints, servers, cloud workloads to help enterprises and organizations protect their systems from different threats, including ransomware.<\/p>\n<p><b><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span><\/b><\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\" height=\"100%\">\n<tbody readability=\"6\">\n<tr>\n<td><b>SHA256<\/b><\/td>\n<td><b>Detection<\/b><\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527<\/td>\n<td>Ransom.Win32.AGENDA.THIAFBB<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1<\/td>\n<td>Ransom.Win32.AGENDA.THIAHBB<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>37546b811e369547c8bd631fa4399730d3bdaff635e744d83632b74f44f56cf6<\/td>\n<td>Ransom.Win32.AGENDA.THIAHBB<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/l\/agenda-ransomware-uses-rust-to-target-more-vital-industries.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda&#8217;s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":49752,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9539,9509],"class_list":["post-49751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Agenda Ransomware Uses Rust to Target More Vital Industries 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Agenda Ransomware Uses Rust to Target More Vital Industries 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-16T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Agenda-Ransomware-Uses-Rust-to-Target-More-Vital-Industries-641.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Agenda Ransomware Uses Rust to Target More Vital Industries\",\"datePublished\":\"2022-12-16T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\"},\"wordCount\":1342,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\",\"name\":\"Agenda Ransomware Uses Rust to Target More Vital Industries 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png\",\"datePublished\":\"2022-12-16T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png\",\"width\":1089,\"height\":579},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Agenda Ransomware Uses Rust to Target More Vital Industries\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Agenda Ransomware Uses Rust to Target More Vital Industries 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/","og_locale":"en_US","og_type":"article","og_title":"Agenda Ransomware Uses Rust to Target More Vital Industries 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-12-16T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/Agenda-Ransomware-Uses-Rust-to-Target-More-Vital-Industries-641.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Agenda Ransomware Uses Rust to Target More Vital Industries","datePublished":"2022-12-16T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/"},"wordCount":1342,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/","url":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/","name":"Agenda Ransomware Uses Rust to Target More Vital Industries 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png","datePublished":"2022-12-16T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/12\/agenda-ransomware-uses-rust-to-target-more-vital-industries.png","width":1089,"height":579},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/agenda-ransomware-uses-rust-to-target-more-vital-industries\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Agenda Ransomware Uses Rust to Target More Vital Industries"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49751"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49751\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/49752"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}