{"id":2365,"date":"2021-05-21T09:41:30","date_gmt":"2021-05-21T07:41:30","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=2365"},"modified":"2021-05-21T09:41:30","modified_gmt":"2021-05-21T07:41:30","slug":"agent-tesla-del-2021-05-20","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/cyber-security-news\/agent-tesla-del-2021-05-20\/","title":{"rendered":"Agent Tesla del 2021-05-20"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h2 class=\"wp-block-heading\"> Agent Tesla <\/h2>\n\n\n\n<p>Agent Tesla is spyware that collects information about the actions of its victims by recording keystrokes and user interactions. It is falsely marketed as a legitimate software on the dedicated website where this malware is sold. <br> The spyware is created using .Net software framework. It is aimed at stealing personal data and transmitting it back to the C2 server. The malware is able to access information from web browsers, email clients and FTP servers. <br> The malware comes equipped with multiple persistence mechanisms that help it avoid antivirus detection. As such, it can resume operation automatically after a system reboot. It is also able to turn off Windows processes to stay hidden. <\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<h2 class=\"wp-block-heading\"> SilverTerrier <\/h2>\n\n\n\n<p> <a href=\"https:\/\/attack.mitre.org\/groups\/G0083\">SilverTerrier<\/a>&nbsp;is a Nigerian threat group that has been seen active since 2014.&nbsp;<a href=\"https:\/\/attack.mitre.org\/groups\/G0083\">SilverTerrier<\/a>&nbsp;mainly targets organizations in high technology, higher education, and manufacturing. <\/p>\n<\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<p> Nelle ultime settimane \u00e8 stata rilevata una nuova campagna malware contenente Agent Tesla. Di seguito un analisi del malware e dell&#8217;infrastruttura offensiva.<br> <br>Link analisi Sandbox: <a href=\"https:\/\/app.any.run\/tasks\/1f2f6acd-d1a7-4175-a06f-38524a5f9b0d\/\" class=\"ek-link\">https:\/\/app.any.run\/tasks\/1f2f6acd-d1a7-4175-a06f-38524a5f9b0d\/<\/a><\/p>\n\n\n\n<div class=\"wp-block-cover has-background-dim\" style=\"background-image:url(https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/05\/AGENTTESLA.png)\"><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<p class=\"has-text-align-center has-large-font-size\"><strong>Analisi del malware e dell&#8217;infrastruttura offensiva<\/strong><\/p>\n<\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Analisi dinamica<\/h3>\n\n\n\n<h5 class=\"wp-block-heading\">Albero dei processi<\/h5>\n\n\n\n<p>Una volta eseguito, il malware esegue l&#8217;avvio di due sottoprocessi:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong> schtasks.exe<\/strong><\/li><li> <strong>RegSvcs.exe<\/strong><\/li><\/ul>\n\n\n\n<p>Il primo viene sfruttato per creare dei task schedulati tramite il comando:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><strong> &#8220;C:\\Windows\\System32\\schtasks.exe&#8221; \/Create \/TN &#8220;Updates\\ysZeGjU&#8221; \/XML &#8220;C:\\Users\\admin\\AppData\\Local\\Temp\\tmp9D6C.tmp&#8221;<\/strong> <\/p><cite>Comando di persistenza<\/cite><\/blockquote>\n\n\n\n<p>che avvia ad ogni accesso il <strong>malware ysZeGjU.exe<\/strong> <\/p>\n\n\n\n<p>Il secondo sample viene identificato come <strong>Agent Tesla<\/strong>, tramite tale processo vengono eseguiti tutte le attivit\u00e0 del malware:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Creazione di chiavi di registro<\/li><li>Esfiltrazione di informazioni dai Web Browser<ul><li><strong>C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini <\/strong><\/li><\/ul><\/li><li>Esfiltrazione di informazioni personali dell&#8217;utente<ul><li><strong>C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini <\/strong><\/li><\/ul><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/05\/image.png\" alt=\"\" class=\"wp-image-2375\" loading=\"lazy\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h5 class=\"wp-block-heading\">Dropped files<\/h5>\n\n\n\n<p>Durante l&#8217;esecuzione del sample avviene <em>l&#8217;unpacking <\/em>e la persistenza del malware. Processo che porta alla creazione di nuovi file:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> C:\\Users\\admin\\AppData\\Roaming\\NewApp\\<strong>NewApp.exe<\/strong><\/li><li> C:\\Users\\admin\\AppData\\Roaming\\<strong>ysZeGjU.exe<\/strong> <\/li><li> C:\\Users\\admin\\AppData\\Local\\Temp\\<strong>tmpD59.tmp <\/strong> <\/li><\/ul>\n\n\n\n<p>I file  <strong>ysZeGjU.exe <\/strong>\u00e8 l&#8217;effettivo malware che verr\u00e0 poi eseguito ad ogni avvio del computer per ottenere un accesso remoto e persistente.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<h5 class=\"wp-block-heading\">Chiavi di registro create<\/h5>\n\n\n\n<p>Tali chiavi vengono create per poter ottenere la persistenza nel sistema, consentendo l&#8217;avvio del malware ad ogni riavvio della macchina.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>CHIAVE <\/strong>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run  <ul><li><strong>NOME <\/strong>NewApp  <\/li><li><strong>VALORE <\/strong>C:\\Users\\admin\\AppData\\Roaming\\NewApp\\NewApp.exe <\/li><\/ul><\/li><li><strong>CHIAVE <\/strong> KEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run <ul><li><strong>NOME <\/strong>NewApp  <\/li><li><strong>VALORE <\/strong>C:\\Users\\admin\\AppData\\Roaming\\NewApp\\NewApp.exe<\/li><\/ul><\/li><\/ul>\n<\/div><\/div>\n\n\n\n<h5 class=\"wp-block-heading\">Network activity<\/h5>\n\n\n\n<p>Il malware risulta contattare il server C2 (di comando e controllo) al quale invia le informazioni sottratte alle vittime e permette il controllo remoto del sistema:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Domain <\/strong>mail[.]tradzilanilaw[.]co[.]za <\/li><li><strong>IP  <\/strong>69[.]46[.]6[.]238 <\/li><\/ul>\n\n\n\n<p>Come illustrato nella figura sottostante, il dominio e l&#8217;IP contattati dal <em>sample <\/em>in analisi risulta essere stato utilizzato anche per altre campagne malware e altri malware della stessa famiglia (<em>Agent Tesla<\/em>).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/05\/image-1.png\" alt=\"\" class=\"wp-image-2390\" loading=\"lazy\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<h3 class=\"wp-block-heading\">Analisi statica<\/h3>\n\n\n\n<p>Attraverso una prima analisi statica del <strong>sample iniziale<\/strong> di Agent Tesla \u00e8 possibile estrarre alcune informazioni interessati, tra cui:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> <strong>md5 <\/strong>63CCA7B824B315FE272B8B4768CCB44E<\/li><li> <strong>sha1 <\/strong>D3B145B0C415488815B430F71EA82BA8F4289F05<\/li><li> <strong>sha256 <\/strong>46CE9BBD88955426CB51DB89E2767E46B5A1718B1D90407C5845B648EE8DC7C8<\/li><li> <strong>first-bytes-hex<\/strong> 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 <\/li><li> <strong>entry-point<\/strong> FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <\/li><li> <strong>file-version<\/strong> 0.8.0.0<\/li><li> <strong>cpu <\/strong>32-bit<\/li><li> <strong>compiler-stamp<\/strong> 0x60A58B3F (Thu May 20 00:03:43 2021)<\/li><li> <strong>code-page<\/strong> Unicode UTF-16, little endian<\/li><li> <strong>CompanyName<\/strong> Fayva<\/li><li> <strong>FileDescription<\/strong> wsManager<\/li><li> <strong>InternalName<\/strong> 8MUWA2d1M.exe<\/li><li> <strong>LegalCopyright <\/strong>Copyright \u00a9  Fayva<\/li><li> <strong>OriginalFilename<\/strong> 8MUWA2d1M.exe<\/li><li> <strong>ProductName<\/strong> webshellManager  <\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h5 class=\"wp-block-heading\">ysZeGjU.exe<\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>md5 <\/strong>63CCA7B824B315FE272B8B4768CCB44E<\/li><li> <strong>sha1 <\/strong>D3B145B0C415488815B430F71EA82BA8F4289F05<\/li><li> <strong>sha256 <\/strong>46CE9BBD88955426CB51DB89E2767E46B5A1718B1D90407C5845B648EE8DC7C8<\/li><li> <strong>first-bytes-hex<\/strong> 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 <\/li><li> <strong>imphash <\/strong>F34D5F2D4577ED6D9CEEC516C1F5A744<\/li><li><strong> entry-point<\/strong> FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <\/li><li><strong> file-version<\/strong> 0.8.0.0<\/li><li> <strong>description <\/strong>wsManager<\/li><li> <strong>cpu <\/strong>32-bit<\/li><li> <strong>compiler-stamp<\/strong> 0x60A58B3F (Thu May 20 00:03:43 2021)<\/li><li> <strong>CompanyName <\/strong>Fayva<\/li><li> <strong>FileDescription <\/strong>wsManager<\/li><li> <strong>FileVersion <\/strong>0.8.0.0<\/li><li> <strong>InternalName <\/strong>8MUWA2d1M.exe<\/li><li> <strong>LegalCopyright <\/strong>Copyright \u00a9  Fayva<\/li><li> <strong>OriginalFilename<\/strong> 8MUWA2d1M.exe<\/li><li> <strong>ProductName <\/strong>webshellManager <\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h5 class=\"wp-block-heading\">NewApp.exe<\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>md5 <\/strong>0E06054BEB13192588E745EE63A84173<\/li><li> <strong>sha1 <\/strong>30B7D4D1277BAFD04A83779FD566A1F834A8D113<\/li><li> <strong>sha256 <\/strong>C5D6D56DED55FBD6C150EE3A0EB2E5671CAE83106BE2BE4D70CE50AA50BAB768<\/li><li> <strong>first-bytes-hex<\/strong> 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 <\/li><li> <strong>imphash <\/strong>F34D5F2D4577ED6D9CEEC516C1F5A744<\/li><li> <strong>entry-point<\/strong> FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <\/li><li> <strong>file-version<\/strong> 4.7.3062.0 built by: NET472REL1<\/li><li> <strong>description <\/strong>Microsoft .NET Services Installation Utility<\/li><li> <strong>cpu <\/strong>32-bit<\/li><li> <strong>compiler-stamp<\/strong> 0x5AB95109 (Mon Mar 26 21:59:05 2018 )<\/li><li> <strong>code-page<\/strong> Unicode UTF-16, little endian<\/li><li> <strong>CompanyName <\/strong>Microsoft Corporation<\/li><li> <strong>FileDescription <\/strong>Microsoft .NET Services Installation Utility<\/li><li> <strong>InternalName <\/strong>RegSvcs.exe<\/li><li> <strong>LegalCopyright <\/strong>\u00a9 Microsoft Corporation.  All rights reserved.<\/li><li> <strong>OriginalFilename <\/strong>RegSvcs.exe<\/li><li> <strong>ProductName <\/strong>Microsoft\u00ae .NET Framework <\/li><\/ul>\n\n\n\n<p><em>NewApp <\/em>risulta essere il tool di Microsoft <strong>RegSvcs.exe<\/strong>, tramite cui \u00e8 possibile creare chiavi di registro.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h5 class=\"wp-block-heading\"> <strong>tmpD59.tmp<\/strong> <\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>md5 <\/strong>C0089F5200712CEBEC6B695A682611B3<\/li><li> <strong>sha1 <\/strong>F30A3BDACB50B9CA066EC23BAB70164025ADF439<\/li><li> <strong>sha256 <\/strong>050749E86B5846DD70D4F2A8324B742C0F87109D7CDB356D33968AFDC57CED96<\/li><li> <strong>first-bytes-hex<\/strong> 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 46 <\/li><li> <strong>first-bytes-text<\/strong> &lt; ? x m l   v e r s i o n = &#8221; 1 . 0 &#8221;   e n c o d i n g = &#8221; U T F <\/li><\/ul>\n\n\n\n<p>Estratto del contenuto del file:<\/p>\n<blockquote>\n<p>&lt;LogonTrigger&gt;<br>&lt;Enabled&gt;true&lt;\/Enabled&gt; <br>&lt;UserId&gt;USER-PC\\admin&lt;\/UserId&gt;<br>&lt;\/LogonTrigger&gt; &lt;Command&gt;C:\\Users\\admin\\AppData\\Roaming\\ysZeGjU.exe&lt;\/Command&gt;<\/p>\n<\/blockquote>\n\n\n\n<p>Utilizzato come sistema di persistenza del malware (<strong>ysZeGjU.exe<\/strong>) ad ogni accesso dell&#8217;utente colpito.<\/p>\n<\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">Altri IOC correlati ad Agent Tesla<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li> 69[.]46[.]6[.]238 <\/li><li>192[.]185[.]226[.]148<\/li><li> 198[.]154[.]240[.]47<\/li><li> 166[.]62[.]27[.]182<\/li><li> 192[.]168[.]100[.]167<\/li><li> 69[.]16[.]231[.]57<\/li><li> 103[.]14[.]20[.]94<\/li><li> 198[.]54[.]115[.]249<\/li><li> 204[.]11[.]56[.]48<\/li><li> 199[.]188[.]206[.]58<\/li><li> 198[.]49[.]72[.]29<\/li><li> 63[.]247[.]140[.]70<\/li><li> 198[.]54[.]115[.]130<\/li><li> 198[.]54[.]116[.]236<\/li><li> 209[.]99[.]40[.]222<\/li><li> 207[.]174[.]214[.]206<\/li><li> 78[.]198[.]121[.]158<\/li><li> 104[.]194[.]10[.]93<\/li><li> 68[.]65[.]123[.]141<\/li><li> 185[.]61[.]153[.]106<\/li><li> 193[.]239[.]84[.]207<\/li><\/ul>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p>Elenco degli hash degli eseguibili dei sample di Agent Tesla rilevati: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>45c22ef191a04d054c8a9e4f873c8ccfe34527944da8c9f60dbb656c7a1dd30e <\/li><li>878a4f96c80d638d087347f2f4d9fd09df01b3bff20ce362c9fff16bca94e5bb<\/li><li>0fbeab0e8f28875b8961f590ff42267c3e21ce9ea587a02fb9573fdfe9c4fb3c <\/li><li>1137a5b1100685623a208af986d530c8f603f82e874721bdac8ce48488baf08e<\/li><li>595991e7a071216bcda0f04df68de57a54f8bd31197031b4b4d473675aa285f1<\/li><li>f7ad9b234d31ce511b8b0915c52e8611b3a7667c71ed5ffd6cc26ce99d2ba5b4<\/li><li>46ce9bbd88955426cb51db89e2767e46b5a1718b1d90407c5845b648ee8dc7c8<\/li><\/ul>\n<\/div><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>46CE9BBD88955426CB51DB89E2767E46B5A1718B1D90407C5845B648EE8DC7C8<\/li><li>009865EA20036C19381086A91108D419A8294DF7CF4C1DF5919D9DA1D613F4AE<\/li><li>8C452BB85D7C88B9B0DD44023EC6F4D63ABD7E2AD66205B598B32A6D31F36888<\/li><li>47243E179BC23FE9057253F84684C37EBE99F2E70DA2E8236F56042E64C335B5<\/li><li>98377E01641DAD941B567A822A9F99C843CEFB38FE4B641D99CE0E83E3E0C498<\/li><li>DDE9D304BD76E5070A8837EB4B8859B8CF73F5F97154EAC84F55859CCDF01758<\/li><li>824A19B9DC158B71EAFF47E2EE64688CFD315E493DF198FAB0166370488D9553<\/li><li>19AA079C6DE34EB550070AA69F98C741AEFD04D8B83B1C7E23BF89576BA1B69B<\/li><li>BF046025515879E2A468B9FF5305EB34C927B6C3E6B1ADBE50277B24A255FC9F<\/li><li>456A91ABABAF84F414409B11CCD8C3707B4BB960FF1EA7C2C4D0994786C10523<\/li><li>5B8643A221D028761328525EC881250FB02840F97792557020A49A226D23E7E6<\/li><li>9692D3FCBE8181EB9B964C8CE0D960A3C3F64E84E231BAA607798971C744CDE8<\/li><li>CC8712E3A1EF6A730A68805E62971D3DA99EFCBF120FB627D1C7315B3CA35F8B<\/li><li>ED16AF86E5BA09E46175311CF0EB7E3E1684ABA68ED59BE8E7327B4A47245326<\/li><li>5753294933668F57E487079FFFF070BAF9D275E30798A5D9CF9D54EEFEC352C4<\/li><li>82F1CEE3C16BA6868870E1B45CCF5DFB126562A42F1B3EA0DA7122A965F5A400<\/li><li>34CD4FCF758566CCFD538E85988330EC7DB2C7823375448353DC7A8F9B4EB53B<\/li><li>C218F628B56B2316CBE236C3A15EB3AA1D138CCD85FC5D5CE76CCAA61BF75032<\/li><li>0498C1E68E0FB59171E05BEE6AFDC6E4697F28FEC80BA0E9C70D4B5A7A6AD198<\/li><li>90EBC7865DF4E941AACD68DD89BEA0EFCD6A082CEBCBA405FE0400C39CACD21D<\/li><li>C5712FAD8759DCBF70ADD6208D6E4824680DC6F452D1E63AC1F2FC1CA8B0F24F<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li> mail[.]tradzilanilaw[.]co[.]za  <\/li><li>webmail[.]mdist[.]us<\/li><li> mail[.]axes[.]com[.]pe<\/li><li> mail[.]vpb[.]pe<\/li><li> api[.]ip[.]sb<\/li><li> www[.]newcontemporaryartists[.]com<\/li><li> joophesh[.]com<\/li><li> outtlook[.]com<\/li><li> www[.]adblockgenesis[.]com<\/li><li> concordiaoperativo[.]com<\/li><li> mail[.]aceconsulting[.]in<\/li><li> smtp[.]syametal[.]com<\/li><li> smtp[.]robotah[.]eu<\/li><li> smtp[.]globaloffs-site[.]com<\/li><li> smtp[.]kaeiser[.]com<\/li><li> smtp[.]frtsolutinos[.]com<\/li><li> smtp[.]ternptechindia[.]com<\/li><li> esclavage-indemnites[.]fr<\/li><li> smtp[.]freislandcampina[.]co<\/li><li> smtp[.]sierametals[.]com<\/li><li> smtp[.]nilkarnal[.]com<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Agent Tesla Agent Tesla is spyware that collects information about the actions of its victims by recording keystrokes and user interactions. It is falsely marketed as a legitimate software on the dedicated website where this malware is sold. The spyware is created using .Net software framework. It is aimed at stealing personal data and transmitting [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2409,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[25,61,75,212,285,320],"class_list":["post-2365","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-news","tag-agent","tag-c2","tag-command","tag-malware","tag-rat","tag-silver-terrier"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=2365"}],"version-history":[{"count":0,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2365\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=2365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=2365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=2365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}