{"id":53108,"date":"2023-08-07T00:00:00","date_gmt":"2023-08-07T00:00:00","guid":{"rendered":"urn:uuid:42631d5a-1939-5705-3b2b-3e69c0de9491"},"modified":"2023-08-07T00:00:00","modified_gmt":"2023-08-07T00:00:00","slug":"targetcompany-ransomware-abuses-fud-obfuscator-packers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/","title":{"rendered":"TargetCompany Ransomware Abuses FUD Obfuscator Packers"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/targetcompany-ransomware-abuses-fud-obfuscator-packers:Large?qlt=80\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"malware,cyber crime,exploits &amp; vulnerabilities,cyber threats,data center,endpoints,ransomware,network,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2023-08-07\"> <meta property=\"article:tag\" content=\"ransomware\"> <meta property=\"article:section\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers.html\"> <title>TargetCompany Ransomware Abuses FUD Obfuscator Packers<\/title> <link 
href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\">\n<link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendmicro\/clientlibs\/trendmicro-core-2\/clientlibs\/header-footer.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers.html\"><br \/>\n<meta property=\"og:title\" content=\"TargetCompany Ransomware Abuses FUD Obfuscator Packers\"><br \/>\n<meta property=\"og:description\" content=\"In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"TargetCompany Ransomware Abuses FUD Obfuscator Packers\"><br \/>\n<meta name=\"twitter:description\" content=\"In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\"> <\/head> <body 
class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.598082346306\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1451984952\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8.7658959537572\">\n<div class=\"article-details\" role=\"heading\" readability=\"37.011560693642\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.<\/p>\n<p class=\"article-details__author-by\">By: Don Ovid Ladores, Nathaniel Morales <time class=\"article-details__date\">August 07, 2023<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-lg-8 col-lg-push-2\"> <\/p>\n<div class=\"richText\" readability=\"31.191929133858\">\n<div readability=\"11.173228346457\">\n<p>We found active campaign deployments combining remote access trojan (<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/Remote-access-programs-tools\">RAT<\/a>) <a 
href=\"https:\/\/www.trendmicro.com\/en_us\/research\/19\/h\/analysis-new-remcos-rat-arrives-via-phishing-email.html\">Remcos<\/a> and the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/ransomware-spotlight\/ransomware-spotlight-targetcompany\">TargetCompany<\/a> <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/Ransomware\">ransomware<\/a> earlier this year. We compared these deployments with previous samples and found that these deployments apply fully undetectable (<a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/analyzing-the-fud-malware-obfuscation-engine-batcloak\/tb-the-dark-evolution-advanced-malicious-actors-unveil-malware-modification-progression.pdf\">FUD<\/a>) packers to their binaries. By combining telemetry data and external threat hunting sources, we were able to gather early samples of these in development. Recently, we found a victim that was specifically targeted with this technique.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/Figure1-targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\" alt=\"figure1-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 1. 
Latest TargetCompany ransomware infection chain<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"32.592140921409\">\n<div readability=\"11.674796747967\">\n<p><span class=\"body-subhead-title\">Achieving persistence<\/span><\/p>\n<p>Like <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/f\/xollam-the-latest-face-of-targetcompany.html\">previously<\/a> documented TargetCompany ransomware attacks, the latest variant starts with the exploitation of vulnerable SQL servers to persistently deploy its first stage. The routine tries various directions to attempt persistence, such as changing up the URLs or applicable paths until it successfully finds an area to execute the Remcos RAT.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<caption>Table 1. Sample download attempts to deploy Remcos RAT<\/caption>\n<tbody readability=\"15\">\n<tr>\n<th scope=\"col\">URL<\/th>\n<th scope=\"col\">Expected drop path<\/th>\n<th scope=\"col\">Notes<\/th>\n<th scope=\"col\">Results<\/th>\n<\/tr>\n<tr readability=\"4\">\n<td><i>_hxxp:\/\/80.66.75[.]37\/drtse.exe<\/i><\/td>\n<td><i>%TEMP%\\tzt.exe<\/i><\/td>\n<td>Executed with <i>%TEMP%\\updt.ps1<\/i><\/td>\n<td>Failed \/Terminated<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td><i>_hxxp:\/\/185.209.230[.]21:8080\/lighting.exe<\/i><\/td>\n<td><i>%TEMP%\\tzt.exe<\/i><\/td>\n<td>Executed with\u202f<i>%TEMP%\\updt.ps1<\/i><\/td>\n<td>Failed \/Terminated<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td>_hxxp:\/\/80.66.75[.]37\/Ayhhny.exe<\/td>\n<td><i>%TEMP%\\tzt.exe<\/i><\/td>\n<td>Executed with&nbsp;<i>%TEMP%\\updt.ps1<\/i><\/td>\n<td>Failed \/Terminated<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td>_hxxp:\/\/80.66.75[.]37\/lawer.exe<\/td>\n<td>\n<p><i>%TEMP%\\1DKPCKM7.exe<\/i><\/p>\n<p><i>%TEMP%\\VOCNDGB2.exe<\/i><\/p>\n<p><i>%TEMP%\\tzt.exe<\/i><\/p>\n<\/td>\n<td>Executed 
with&nbsp;<i>%TEMP%\\updt.ps1<\/i><\/td>\n<td>Failed \/Terminated<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td>_hxxp:\/\/80.66.75[.]37\/Bwarp.exe<\/td>\n<td>\n<p><i>%TEMP%\\WIMZJ19D.exe<\/i><\/p>\n<p><i>%TEMP%\\YLJ7ZVT0.exe<\/i><\/p>\n<p><i>%TEMP%\\tzt.exe<\/i><\/p>\n<\/td>\n<td>Executed with&nbsp;<i>%TEMP%\\updt.ps1<\/i><\/td>\n<td>Failed \/Terminated<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td><b><i>_hxxp:\/\/185.209.230[.]21:8080\/Auptxums.bat<\/i><\/b><\/td>\n<td><b><i>%TEMP%\\tzt.bat<\/i><\/b><\/td>\n<td><b>Executed with&nbsp;<i>%TEMP%\\updt.ps1<\/i><\/b><\/td>\n<td><b>Drop and execution of Remcos RAT (Blocked by current Trend Micro solutions)<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/fig2-targetcompany-ransomware-abuses-fud-obfuscator-packers.png\" alt=\"figure2-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 2. Download attempts for the first stage <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.873831775701\">\n<div readability=\"11.775700934579\">\n<p>Since the initial efforts were terminated and blocked by the existing solutions, the attackers opted to use the FUD-wrapped version of their binaries. The FUD packer used by Remcos and the one used by the TargetCompany ransomware has a style of packaging that closely resembles the style used by&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/f\/analyzing-the-fud-malware-obfuscation-engine-batcloak.html\">BatCloak<\/a>: Using a batch file as an outer layer and afterward, decoding and loading using PowerShell to make a LOLBins execution. 
&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/fig3-targetcompany-ransomware-abuses-fud-obfuscator-packers.png\" alt=\"figure3-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 3. PowerShell execution of the Remcos RAT, also showing the typical routine for malware wrapped in FUD packers <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.768924302789\">\n<div readability=\"14.043824701195\">\n<p><span class=\"body-subhead-title\">Metasploit usage<\/span><\/p>\n<p>This variant\u2019s routine used another unique tool, which our analysis identified as Metasploit (<a href=\"https:\/\/www.offsec.com\/metasploit-unleashed\/about-meterpreter\/\">Meterpreter<\/a>) usage. This group is not widely known to use such tools, so it is interesting to see it leverage Metasploit to do the following:<\/p>\n<p>Afterward, the Remcos RAT will resume its final routine as it downloads and deploys the TargetCompany ransomware still wrapped in an FUD packer.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<caption>Table 2. 
Metasploit module for executing shell commands<\/caption>\n<tbody readability=\"3\">\n<tr>\n<td><b>Subject process<\/b><\/td>\n<td><b>Child process<\/b><\/td>\n<td><b>Command line<\/b><\/td>\n<\/tr>\n<tr readability=\"6\">\n<td><i>C:\\temp\\straightforward.exe<\/i><\/td>\n<td><i>C:\\windows\\syswow64\\net.exe<\/i><\/td>\n<td><i>localgroup administrators [~redacted] \/ad<\/i><\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.56546275395\">\n<div readability=\"13.620767494357\">\n<p><span class=\"body-subhead-title\">Tracking the loader\u2019s rising popularity<\/span><\/p>\n<p>The <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/spam\/3724\/qakbot-attacks-continue-to-spread-through-microsofts-onenote-app\">previous<\/a> <a href=\"https:\/\/www.techrepublic.com\/article\/onenote-documents-spread-malware\/\">wave<\/a> of campaigns abusing OneNote made headlines because of the technique\u2019s novelty: the use of a specific PowLoad and a corresponding CMDFile (a batch file, or .bat) that contained the actual payload. Since it was first released, the specific \u201ccmd x PowerShell\u201d loader has slowly been gaining traction. By the end of February 2022, TargetCompany ransomware operators adopted the tactic.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/Figure5-targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\" alt=\"figure4-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 4. 
FUD loaders and TargetCompany ransomware deployment activities <\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p><b>Analyzing the loader differences<\/b><\/p>\n<p>The CMDFiles were initially indistinguishable between the other users (malware families AsyncRAT, Remcos, and the TargetCompany ransomware) of the batch file technique. The use of the CMDFiles starts to differ with the execution of the command line and during the load of the main binaries. While AsyncRAT employs decompression and decryption, the loaders related to Remcos and TargetCompany only used decompression to unpack the payload and changed the general appearance of its structure while maintaining the same functionality.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/fig6-targetcompany-ransomware-abuses-fud-obfuscator-packers.png\" alt=\"figure5-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 5. The BatLoad appeared similar in structure between the versions found in previous deployment reports and samples.<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/Figure7-targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\" alt=\"figure6-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 6. 
Bare and unobfuscated AsyncRAT loader command line (top) and decoded loader command line of Remcos and the TargetCompany ransomware<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.010638297872\">\n<div readability=\"13.801418439716\">\n<p>For the AsyncRAT loader, the CMDFile loads the binary payload successfully regardless of whether the system\u2019s architecture is 32-bit or 64-bit. With the routines in Remcos and TargetCompany, however, the <i>powershell.exe<\/i> file is hard-coded to find the deobfuscated Remcos CMDFile only in the SysWOW64 folder. Even though the payload binary works in both 32-bit and 64-bit systems, the way that the PowerShell file is hard-coded \u201calmost\u201d guarantees that the routine will fail to execute in 32-bit systems given that it is usually only found in 64-bit systems. Microsoft <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/design\/minimum\/minimum-hardware-requirements-overview\">has required<\/a> new Windows 10 systems since version 2004 (released in the middle of 2020) to be 64-bit; Windows 11 was never released in a 32-bit version. Running this malware on a 32-bit operating system is therefore something of an edge case which we need not discuss here.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/fig8-targetcompany-ransomware-abuses-fud-obfuscator-packers.png\" alt=\"figure7-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 7. 
Decoded loader command line in Remcos and the TargetCompany ransomware<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/fig9-targetcompany-ransomware-abuses-fud-obfuscator-packers.png\" alt=\"figure8-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 8. Deobfuscated Remcos CMDFile showing the copying of the PowerShell routine<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p><b>Technique adoption<\/b><\/p>\n<p>When we investigated the suspicious network connections related to the PowerShell, we discovered the new variant of the TargetCompany ransomware. When we checked the payload binary, we saw that the variant belongs to the second version of the said ransomware family, commonly characterized by a connection to a command-and-control (C&amp;C) server with a \u201c\/ap.php\u201d landing page.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/fig10-targetcompany-ransomware-abuses-fud-obfuscator-packers.png\" alt=\"figure9-targetcompany-ransomware-abuses-fud-obfuscator-packers\"><figcaption>Figure 9. C&amp;C communication by the TargetCompany ransomware<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"48.919705038918\">\n<div readability=\"42.929537074969\">\n<p>Pivoting from the IP address or URL, we found samples from a public repository verified to be the Remcos RAT. 
Considering the uses for obfuscation of the different batch files in a previous section, as well as the fact that for every execution of Remcos there is also an instance of an attack by the TargetCompany ransomware, we were not surprised at the use of the technique. Similarly, we found a verified Remcos sample with zero detections on public repositories.<\/p>\n<p><b><span class=\"body-subhead-title\">Insights<\/span><\/b><\/p>\n<p>The use of FUD malware already limits most available solutions for this tactic, even more so for off-the-shelf technologies likely susceptible to other attacks (not just ransomware). This set of packers will likely not be the only ones being developed in the near future. Early detection allows security teams and analysts to detect these FUD packers as their respective routines and coding follow a certain flow that makes them easy to prevent. At the same time, this also allows these organizations\u2019 teams to check for increases in usage even through external threat intelligence sources and repositories.<\/p>\n<p>Attackers will keep innovating even the simplest means of abuse. While the technique of using FUD packers and Metasploit has been around for a while now, security teams and organizations should not underestimate its effectiveness in circumventing current and established security solutions, especially in key features that leave technologies almost blind until a victim is documented.<\/p>\n<p>To date, the majority of TargetCompany ransomware\u2019s victims still stem from vulnerable SQL Servers being exploited to gain entry. Security teams should have visibility and check all possible attack surfaces to ensure their respective systems are not susceptible to abuse and exploitation. Meanwhile, we deem the FUD packer a tool that can easily be altered without much effort, and current solutions might well be one step behind these developments. 
Fortunately, AI- and machine learning-based file checking and behavior monitoring solutions, best practices for network blocking, and ransomware detection and blocking measures can act as multiple layers in mitigating the impact of these threats\u2019 risks. Organizations should encourage and implement redundant exercises ensuring users\u2019 awareness of their own systems and networks to prevent intrusion attempts and execution of malicious activities.<\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span><\/p>\n<p>Download the list of indicators <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/IOCs-targetcompany-ransomware-abuses-fud-obfuscator-packers.txt\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/h\/targetcompany-ransomware-abuses-fud-obfuscator-packers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53109,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9521,9511,9565,9508,9555,9513,9523,9539],"class_list":["post-53108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-crime","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-data-center","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-malware","tag-trend-micro-research-network","tag-trend-micro-research-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TargetCompany Ransomware Abuses FUD Obfuscator Packers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TargetCompany Ransomware Abuses FUD Obfuscator Packers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-07T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/targetcompany-ransomware-abuses-fud-obfuscator-packers:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"TargetCompany Ransomware Abuses FUD Obfuscator 
Packers\",\"datePublished\":\"2023-08-07T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/\"},\"wordCount\":1293,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Crime\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Data center\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Network\",\"Trend Micro Research : Ransomware\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/\",\"name\":\"TargetCompany Ransomware Abuses FUD Obfuscator Packers 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\",\"datePublished\":\"2023-08-07T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg\",\"width\":1100,\"height\":1200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/targetcompany-ransomware-abuses-fud-obfuscator-packers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : 
Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"TargetCompany Ransomware Abuses FUD Obfuscator Packers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"TargetCompany Ransomware Abuses FUD Obfuscator Packers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/","og_locale":"en_US","og_type":"article","og_title":"TargetCompany Ransomware Abuses FUD Obfuscator Packers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-07T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/targetcompany-ransomware-abuses-fud-obfuscator-packers:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"TargetCompany Ransomware Abuses FUD Obfuscator Packers","datePublished":"2023-08-07T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/"},"wordCount":1293,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Crime","Trend Micro Research : Cyber Threats","Trend Micro Research : Data center","Trend Micro Research : Endpoints","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Malware","Trend Micro Research : Network","Trend Micro Research : Ransomware"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/","url":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/","name":"TargetCompany Ransomware Abuses FUD Obfuscator Packers 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg","datePublished":"2023-08-07T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/targetcompany-ransomware-abuses-fud-obfuscator-packers.jpg","width":1100,"height":1200},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/targetcompany-ransomware-abuses-fud-obfuscator-packers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"TargetCompany Ransomware Abuses FUD Obfuscator 
Packers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a867
1ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53108"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53108\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53109"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}