{"id":56767,"date":"2024-08-06T13:33:28","date_gmt":"2024-08-06T13:33:28","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36181\/Proton-Ransomware-Evolves-With-Latest-Zola-Variant.html"},"modified":"2024-08-06T13:33:28","modified_gmt":"2024-08-06T13:33:28","slug":"proton-ransomware-evolves-with-latest-zola-variant","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/","title":{"rendered":"Proton Ransomware Evolves With Latest Zola Variant"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/08\/AdobeStock_885282576.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The Proton ransomware family has undergone several iterations since it first emerged in March 2023, with the latest variant Zola including privilege escalation measures, a disk overwriting function and a keyboard language-based kill switch.<\/p>\n<p>The Acronis Threat Research Unit recently encountered the new Zola variant during an incident response and performed an in-depth analysis <a href=\"https:\/\/www.acronis.com\/en-us\/cyber-protection-center\/posts\/zola-ransomware-the-many-faces-of-the-proton-family\/\" target=\"_blank\" rel=\"noreferrer noopener\">published Monday<\/a>. This latest version demonstrates the ransomware family\u2019s pattern of constant code tweaks and rebranding.<\/p>\n<p>\u201cThe appearance of new ransomware families every month has become an unfortunate norm in recent years. While some will appear as quickly as they fade out of existence, some establish an extended stay, and others simply change their virtual clothes,\u201d the Acronis researchers wrote.<\/p>\n<h2>Zola kicks off attack with kill switch, admin privilege checks<\/h2>\n<p>The Zola variant of the Proton ransomware was first discovered by Acronis in May and bears similarities to another variant, called Ripa, that appeared on April 30.<\/p>\n<p>The researchers noted that the Proton family uses commonplace hacking tools among ransomware actors, such as Mimikatz, ProcessHacker and various tools for disabling Windows Defender. The malware typically drops these tools in the Downloads, Music or 3D Objects directories on the target machine.<\/p>\n<p>Another similarity between Zola and its predecessors is the creation of a mutex upon execution, which avoids concurrent executions; this hardcoded mutex remained unchanged between variants.<\/p>\n<p>A unique feature of Zola and other recent variants is the presence of a kill switch that checks for a Persian keyboard layout and halts processes if this layout is identified.<\/p>\n<p>\u201cThis kill switch might be indicative of the Proton family\u2019s origins, but no further evidence was found to strengthen this assumption,\u201d the researchers wrote.<\/p>\n<p>If the kill switch is not triggered, the malware proceeds to check for admin privileges, and repeatedly prompts the user to run the executable as an administrator if the check fails. &nbsp;<\/p>\n<p>This admin checking feature was also present in the original Proton sample, although a sub-family known as Shinra, observed in early April, lacks this functionality, suggesting that Zola represents a separate branch in Proton\u2019s evolution.<\/p>\n<p>Prior to encrypting files, Zola makes additional preparations, including generation of a unique victim ID and key information, emptying of the Recycle Bin, modification of boot configuration and deletion of shadow copies to prevent recovery.<\/p>\n<p>Shadow copies are deleted using the vssadmin command via the ShellExecute API and the BCDEdit Windows tool was used to disable automatic repair force Windows to ignore all failures during the boot process.<\/p>\n<h2>Proton ransomware changes encryption scheme, lacks ransom note changes<\/h2>\n<p>The original Proton ransomware used elliptic-curve cryptography (ECC) and Advanced Encryption Standard (AES) in Galois\/Counter Mode (GCM) to encrypt files, but an update in September 2023 switched to the ChaCha20 encryption scheme, which remains the case for the Zola variant.<\/p>\n<p>However, the Zola ransom note remains largely unchanged from the original Proton ransom note, as seen on <a href=\"https:\/\/www.pcrisk.com\/removal-guides\/26438-proton-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">PCrisk\u2019s removal guide<\/a>, apart from a change in contact information. Notably, the ransom note still claims the use of AES and ECC, misleading the victim.<\/p>\n<p>Prior to encryption, the malware attempts to kill 137 processes and 79 services listed in its binary, including various security software and other applications that may prevent encryption by locking multiple files.<\/p>\n<p>Zola runs multiple encryption threads to encrypt files, including in network-attached drives with write access, and drops the ransom note under each encrypted folder. Meanwhile, the malware also changes the desktop wallpaper to a message instructing the victim to email the threat actor, along with victim\u2019s unique ID.<\/p>\n<p>Zola also retains a function that emerged among Proton variants in early April 2024, which spawns a temporary file under C:\\ and fills up the disk by continuously writing uninitialized data in 500 KB chunks. This overwriting of slack space on the disk is suspected to serve as a way to make digital forensics and data recovery more difficult.<\/p>\n<h2>Not to be confused with PrOToN\/Xorist ransomware<\/h2>\n<p>While the Proton ransomware family has spawned multiple variants and at least one subfamily, it is not to be confused with a similarly named ransomware known as PrOToN, which is part of the <a href=\"https:\/\/www.pcrisk.com\/removal-guides\/9905-xorist-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">Xorist, or EnCiPhErEd, family<\/a>. &nbsp;<\/p>\n<p>PrOToN <a href=\"https:\/\/www.pcrisk.com\/removal-guides\/27477-proton-xorist-ransomware\" data-type=\"link\" data-id=\"https:\/\/www.pcrisk.com\/removal-guides\/27477-proton-xorist-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">is described by PCrisk<\/a> as a \u201cransomware-type program,\u201d which first emerged around August 2023. Differences between the two \u201cProton\u201d ransomware include differences in the encrypted file extension (.Proton or .kigatsu versus .PrOToN), ransom note format and threat actor contact information.<\/p>\n<p>PrOToN also triggers an \u201cError\u201d pop-up window displaying the ransom note text, which is a feature that is not present with Zola and other Proton variants.<\/p>\n<p>A <a href=\"https:\/\/www.emsisoft.com\/en\/ransomware-decryption\/xorist\" target=\"_blank\" rel=\"noreferrer noopener\">Xorist decryptor<\/a> is available from Emsisoft, but this decryptor is not known to work against the PrOToN variant, according to PCrisk.<\/p>\n<p>No known decryptor tool is available for the Proton family studied by Acronis.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36181\/Proton-Ransomware-Evolves-With-Latest-Zola-Variant.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56768,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8989],"class_list":["post-56767","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarecybercrimecryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Proton Ransomware Evolves With Latest Zola Variant 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Proton Ransomware Evolves With Latest Zola Variant 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-06T13:33:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/08\/AdobeStock_885282576.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Proton Ransomware Evolves With Latest Zola Variant\",\"datePublished\":\"2024-08-06T13:33:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/\"},\"wordCount\":796,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/proton-ransomware-evolves-with-latest-zola-variant.jpg\",\"keywords\":[\"headline,malware,cybercrime,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/\",\"name\":\"Proton Ransomware Evolves With Latest Zola Variant 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/proton-ransomware-evolves-with-latest-zola-variant.jpg\",\"datePublished\":\"2024-08-06T13:33:28+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/proton-ransomware-evolves-with-latest-zola-variant.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/proton-ransomware-evolves-with-latest-zola-variant.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/proton-ransomware-evolves-with-latest-zola-variant\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,cybercrime,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwarecybercrimecryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Proton Ransomware Evolves With Latest Zola Variant\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Proton Ransomware Evolves With Latest Zola Variant 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/","og_locale":"en_US","og_type":"article","og_title":"Proton Ransomware Evolves With Latest Zola Variant 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-08-06T13:33:28+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/08\/AdobeStock_885282576.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Proton Ransomware Evolves With Latest Zola Variant","datePublished":"2024-08-06T13:33:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/"},"wordCount":796,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/proton-ransomware-evolves-with-latest-zola-variant.jpg","keywords":["headline,malware,cybercrime,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/","url":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/","name":"Proton Ransomware Evolves With Latest Zola Variant 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/proton-ransomware-evolves-with-latest-zola-variant.jpg","datePublished":"2024-08-06T13:33:28+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/proton-ransomware-evolves-with-latest-zola-variant.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/proton-ransomware-evolves-with-latest-zola-variant.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/proton-ransomware-evolves-with-latest-zola-variant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,cybercrime,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarecybercrimecryptography\/"},{"@type":"ListItem","position":3,"name":"Proton Ransomware Evolves With Latest Zola Variant"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56767"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56767\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56768"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}