{"id":53004,"date":"2023-07-31T15:14:12","date_gmt":"2023-07-31T15:14:12","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34849\/Unpatched-Apache-Tomcat-Servers-Spread-Mirai-Botnet-Malware.html"},"modified":"2023-07-31T15:14:12","modified_gmt":"2023-07-31T15:14:12","slug":"unpatched-apache-tomcat-servers-spread-mirai-botnet-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/","title":{"rendered":"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware"},"content":{"rendered":"<p>Security teams are being urged to harden Apache Tomcat instances after researchers discovered the popular Java application server was being exploited to spread <a href=\"https:\/\/www.scmagazine.com\/brief\/tp-link-router-zero-day-exploited-by-mirai-botnet\" target=\"_blank\" rel=\"noreferrer noopener\">Marai botnet<\/a> malware.<\/p>\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/security-researchers-identified-a-remote-code-execution-on-windows-vulnerability-in-apache-tomcat\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Tomcat<\/a> is an open-source Java application server which, according to a <a href=\"https:\/\/www.jrebel.com\/blog\/what-is-apache-tomcat#:~:text=Is%20Tomcat%20Still%20Popular%3F,by%20downloading%20the%20report%20today.&amp;text=This%20is%20due%20to%20the,tool%20and%20it%20is%20free.\" target=\"_blank\" rel=\"noreferrer noopener\">recent survey<\/a>, was the main application server used by just under half of the java teams questioned.<\/p>\n<div>\n<div class=\"alignright\">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cms.cyberriskalliance.com\/wp-content\/uploads\/2023\/07\/Apache-Tomcat-Botnet.jpg\" alt class=\"wp-image-488808\" width=\"188\" height=\"164\"><\/figure>\n<p>.<\/p>\n<\/div>\n<\/div>\n<p>Tomcat\u2019s popularity makes it a magnet for botnet-spreading threat actors. Aqua Security\u2019s research team, Nautilus, deployed Tomcat server honeypots which attracted 803 attacks over two years, predominantly aimed at infecting the servers with Marai botnet payloads designed to carry out distributed denial of service (DDoS) and crypto-mining campaigns.<\/p>\n<p>\u201cThese attacks exploited a misconfiguration of weak user and password [credentials] in order to drop a web shell that allowed remote code execution,\u201d Nautilus security data analyst Nitzan Yaakov said in a July 26 <a href=\"https:\/\/blog.aquasec.com\/tomcat-under-attack-investigating-the-mirai-malware\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a>.<\/p>\n<p>The researchers found 12 distinct web shells were used in the attacks. The most common attack type, which occurred 152 times, dropped a shell script called \u201cneww\u201d.<\/p>\n<p>Yaakov did not discuss attribution of the attacks in here post but said the \u201cneww\u201d script originated from 24 unique IP addresses, with two-thirds of the attacks coming from a single address: 104.248.157[.]218.<\/p>\n<h2>Initial access via brute force attacks<\/h2>\n<p>The Nautilus researchers\u2019 analysis established the threat actors were specifically targeting misconfigurations in the Tomcat web application manager app which allows users to manage deployed web applications.<\/p>\n<p>\u201cThe list of authorized users who can access Tomcat resource is specified in the configuration file \u2018tomcat_users.xml\u2019. Threat actors are conducting brute force attacks on the manager app to guess the password,\u201d Yaakov said.<\/p>\n<p>The researchers observed an attack on one of their Tomcat honeypots set with the server\u2019s default username and password credentials. The threat actors guessed the correct password on their third login attempt, giving them complete control over the server.<\/p>\n<p>Tomcat\u2019s web application manager allows users to deploy a directory or a WAR format archive file that packages and deploys web applications on the Java platform.<\/p>\n<p>The WAR file contains all the files necessary to run a web application \u2013 including HTML, CSS and servlets \u2013 making it an efficient way to manage web application deployment.<\/p>\n<h2>Malware deployed using remote code execution<\/h2>\n<p>Yaakov said the threat actor used that functionality to deploy a WAR file containing a malicious web shell class named &#8216;cmd.jsp&#8217;.<\/p>\n<p>\u201cUsing a legitimate action via the manager app (i.e., upload a WAR file) as an attack vector allows the threat actor to masquerade the attack, making it difficult to detect,\u201d she said.<\/p>\n<p>\u201c[T]he web shell was designed to listen to requests and execute commands on the server. Thereby, enabling the threat actor to remotely execute code on the Apache Tomcat server.\u201d<\/p>\n<p>Thefirst command was to download the \u201cneww\u201d shell script which executed the malware, a variant of the well-known Mirai botnet series.<\/p>\n<p>\u201cIn our case, the host was infected with this malware, and based on our analysis of previous attacks and research, it appears that the threat actor intends to use this malware as a base for further attacks,\u201d Yaakov said. \u201cThese attacks could range from relatively low-impact campaigns like cryptomining to more severe DDoS attacks.\u201d<\/p>\n<h2>Dealing with evolving threats<\/h2>\n<p>The campaign was continuing, she said, with the threat actors continuously modifying and evolving their attacks to avoid detection.<\/p>\n<p>\u201cThis is evident in the naming convention of the shell script responsible for downloading the Mirai malware, as well as the varied and different variants of the Mirai malware downloaded onto compromised machines.\u201d<\/p>\n<p>While almost all of the 803 attacks on Aqua\u2019s honeypot servers dropped the Mirai payload, in a handful of cases the payload was a new version of <a href=\"https:\/\/www.scmagazine.com\/brief\/numerous-devices-targeted-by-novel-chaos-malware\">Chaos malware<\/a> including ransomware and DDoS variants.<\/p>\n<p>Yaakov said Nautilus\u2019 experiences with the Tomcat honeypots reinforced the importance of properly configuring and monitoring runtime environments.<\/p>\n<p>\u201cWe observed how a misconfiguration exposed the server to attacks, potentially resulting in the infection of additional hosts within the same network.\u201d<\/p>\n<p>She urged administrators and security teams to use strong passwords and regularly scan their environments for threats.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34849\/Unpatched-Apache-Tomcat-Servers-Spread-Mirai-Botnet-Malware.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53005,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10614],"class_list":["post-53004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarebotnetflawapache"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-31T15:14:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cms.cyberriskalliance.com\/wp-content\/uploads\/2023\/07\/Apache-Tomcat-Botnet.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware\",\"datePublished\":\"2023-07-31T15:14:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\"},\"wordCount\":683,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg\",\"keywords\":[\"headline,malware,botnet,flaw,apache\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\",\"name\":\"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg\",\"datePublished\":\"2023-07-31T15:14:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg\",\"width\":300,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,botnet,flaw,apache\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarebotnetflawapache\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/","og_locale":"en_US","og_type":"article","og_title":"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-07-31T15:14:12+00:00","og_image":[{"url":"https:\/\/cms.cyberriskalliance.com\/wp-content\/uploads\/2023\/07\/Apache-Tomcat-Botnet.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware","datePublished":"2023-07-31T15:14:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/"},"wordCount":683,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg","keywords":["headline,malware,botnet,flaw,apache"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/","url":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/","name":"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg","datePublished":"2023-07-31T15:14:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware.jpg","width":300,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/unpatched-apache-tomcat-servers-spread-mirai-botnet-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,botnet,flaw,apache","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarebotnetflawapache\/"},{"@type":"ListItem","position":3,"name":"Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53004"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53004\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53005"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}