{"id":17053,"date":"2025-12-01T10:42:06","date_gmt":"2025-12-01T10:42:06","guid":{"rendered":"\/cybersecurity-blog\/?p=17053"},"modified":"2025-12-02T11:01:53","modified_gmt":"2025-12-02T11:01:53","slug":"threat-coverage-digest-november-2025","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/","title":{"rendered":"Threat Coverage Digest: New\u00a0Malware Reports and 5K+\u00a0Detection\u00a0Rules\u00a0"},"content":{"rendered":"\n<p>November was a packed month for detection coverage. We rolled out new&nbsp;behavioral&nbsp;insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s&nbsp;walk through the full set of improvements we delivered this month.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence Reports&nbsp;<\/h2>\n\n\n\n<p>In November, we published&nbsp;several&nbsp;<a href=\"https:\/\/intelligence.any.run\/reports\/11-25-italian-target-phishing\" target=\"_blank\" rel=\"noreferrer noopener\">new TI&nbsp;Reports<\/a>&nbsp;covering&nbsp;threats that are currently targeting companies around the world.&nbsp;The four of them are open to everyone:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/intelligence.any.run\/reports\/69280f8e6d50f714f87222a3\" target=\"_blank\" rel=\"noreferrer noopener\">RoningLoader,&nbsp;HoldingHands,&nbsp;Snowlight<\/a>:&nbsp;<\/strong>APT-Q-27 loader chain, stealthy RAT, and Linux&nbsp;VShell&nbsp;dropper enabling cross-platform compromise of enterprise and server environments.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/intelligence.any.run\/reports\/11-20-threat-brief-pdfchampions-efimer-btmob\" target=\"_blank\" rel=\"noreferrer noopener\">PDFChampions,&nbsp;Efimer, BTMOB<\/a>:&nbsp;<\/strong>Malvertising-based browser hijacker, Tor-hosted cryptocurrency stealer, and Android&nbsp;MaaS&nbsp;trojan abusing Accessibility to drain banking, fintech, and wallet applications.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/intelligence.any.run\/reports\/11-14-threat-brief-monkey-phoenix-noneuclid\" target=\"_blank\" rel=\"noreferrer noopener\">Monkey, Phoenix,&nbsp;NonEuclid<\/a>:&nbsp;<\/strong>AI-generated Linux ransomware, espionage-focused backdoor, and dual-use RAT\u2013ransomware illustrating convergence of state-aligned techniques and financially motivated crimeware.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/intelligence.any.run\/reports\/11-05-threat-brief-valkyrie-sfuzuan-sorvepotel\" target=\"_blank\" rel=\"noreferrer noopener\">Valkyrie,&nbsp;Sfuzuan,&nbsp;Sorvepotel<\/a>:&nbsp;<\/strong>Windows stealer&nbsp;MaaS, adaptable backdoor, and WhatsApp-propagating campaign weaponizing social trust and messaging channels for large-scale infection.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We also&nbsp;wrote&nbsp;an&nbsp;<a href=\"https:\/\/intelligence.any.run\/reports\/11-25-italian-target-phishing\" target=\"_blank\" rel=\"noreferrer noopener\">extensive&nbsp;report<\/a>&nbsp;exclusively for the&nbsp;<a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup Premium<\/a>&nbsp;subscribers. It goes in-depth&nbsp;on a&nbsp;phishing campaign aimed specifically at&nbsp;<strong>Italian organizations across transportation, tourism, telecom, IT, and government sectors<\/strong>. The activity relies on PDF attachments disguised as official documents, each redirecting victims to counterfeit Microsoft login pages built to harvest corporate credentials.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"577\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-1024x577.png\" alt=\"\" class=\"wp-image-17060\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-1024x577.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-768x433.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-1536x866.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-2048x1154.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image-740x417.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Recent TI report covering phishing of Italian organizations<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The report outlines:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A consistent lure pattern using Italian-language prompts inviting recipients to \u201creview\u201d or \u201csign\u201d a document&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>PDF filenames following a shared template:&nbsp;<strong>Allegato_Ufficiale_&lt;variable&gt;.pdf<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Brand impersonation, including well-known Italian companies,&nbsp;to raise credibility&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Redirect chains&nbsp;leveraging&nbsp;both compromised domains and attacker-controlled infrastructure (e.g.,&nbsp;<strong>phebeschool.org<\/strong>,&nbsp;<strong>mircosotfonilne.ru<\/strong>,&nbsp;<strong>vorn.revolucionww.com<\/strong>)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Browser fingerprinting&nbsp;behavior&nbsp;tied to data collection on victim systems&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email templates localized in Italian, with urgent subject lines pushing immediate action&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>We also included ready-to-use&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>TI Lookup queries<\/strong><\/a>&nbsp;so analysts can surface related samples quickly, track the filename cluster, and follow the network infrastructure across recent public&nbsp;analysis sessions.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nPower your\u00a0SOC\u00a0with fresh\u00a0threat\u00a0intel<br>from <span class=\"highlight\">15K organizations and 500K analysts\u00a0<\/span> \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/analysis\/lookup?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=Threat_Coverage_Digest_November_2025&#038;utm_term=011225&#038;utm_content=linktoregistration\" target=\"_blank\" rel=\"noopener\">\nSign up for TI Lookup\u00a0<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Behavior&nbsp;Signatures&nbsp;<\/h2>\n\n\n\n<p>In November, we expanded&nbsp;the&nbsp;malicious&nbsp;behavior&nbsp;coverage&nbsp;of&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>&nbsp;with&nbsp;<strong>52&nbsp;new signatures&nbsp;<\/strong>across ransomware families, loaders, post-exploitation tools, and suspicious PowerShell activity. These additions help analysts surface malicious&nbsp;behavior&nbsp;earlier, reduce repeated checks, and speed up root-cause discovery.&nbsp;<\/p>\n\n\n\n<p>Here are the latest signatures added:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/44524172-990d-4cc0-9b89-b18b607b5bff?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">JSGuldr<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-1024x538.png\" alt=\"\" class=\"wp-image-17061\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-1024x538.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-300x158.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-768x403.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-1536x806.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-2048x1075.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-370x194.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-270x142.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image2-740x389.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>JSGuLdr is a new threat currently targeting enterprises<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/45fe2e01-fc4e-4a2d-b9ca-718da7cf777e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">LockerGoga<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/49525905-851a-4609-b0bb-f92395b9dc39?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">UDPGangster<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/aa328ef5-d4a7-459c-b5aa-534dc62653ed?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">WastedLocker<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/03290208-8aa2-46e5-8e65-9aaa07abb820?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">RoningLoader<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/0e9c1647-faf5-429d-a440-2f9c0d33c4f5?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PureHVNC mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/765177d4-ade9-4ed1-aa51-8cfa6e23313e?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">AURA<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/09c113a4-666f-4f40-b6d9-65b8d4f4896a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Possible Kerberos&nbsp;ticket injection (PowerShell)<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"573\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-1024x573.png\" alt=\"\" class=\"wp-image-17062\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-1024x573.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-300x168.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-768x429.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-1536x859.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-370x207.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-270x151.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3-740x414.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image3.png 1840w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN\u2019s Interactive Sandbox easily exposes CVE-2025-6216 attacks<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/aa8cb54c-c3b3-49ec-ad51-24b8cdb26963?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-6218<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/dcaeb1bc-4e4e-416d-abd5-89dc87cc9f6d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Compromised&nbsp;SteamCleaner<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/fe4a9705-28a4-49d1-a08e-99633d29d83b?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">LockerGoga<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/76153011-c00e-4fa9-a660-dd6514b8634f?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">UDPGangster<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/488c4d05-0138-423b-82b2-7b00b8fcf3e5\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PowerShell memory allocation<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/c54a2972-578b-4768-958b-0104f994c27a\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Possible path&nbsp;obfuscation (PowerShell)<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/14ae98e0-1490-4e47-8ba2-89c7cff664d3\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">NetworkMiner<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/8a62687c-2222-4680-ba21-70367a7ffc51\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Intercepter-NG<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/1f1ae98d-466d-4192-9bca-12c80382d373?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Snowlight<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/b45bed10-a51a-4dbf-a65d-8d1bec8cfba4?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">RawCap<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a5773201-8044-4246-82f8-20d0c162a02d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">PDFChampions mutex<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nDetect malware &#038; phishing <span class=\"highlight\">in 60 seconds\u00a0<\/span>\n<br>\nIntegrate ANY.RUN&#8217;s Sandbox in your SOC\n\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"http:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=Threat_Coverage_Digest_November_2025&#038;utm_term=011225&#038;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noopener\">\nTry now<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">YARA Rules&nbsp;<\/h2>\n\n\n\n<p>We added<strong>&nbsp;9&nbsp;YARA rules<\/strong>&nbsp;in November to improve early detection of ransomware, RAT families, and network-proxy tooling. These rules help analysts flag suspicious samples even before execution, making triage faster and more reliable.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/021ec2a5-1661-4f30-8a30-54e4bd0d3fba?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Pulsar<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/6b7b6d70-b0f1-487a-90d5-a1b08952b4f1?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Noneuclid<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/07e76c41-33f7-44a4-bf8c-8f636010d46a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">GhostSocks<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/a23d242c-da9f-4444-961f-3ce74ac7dcd2?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Qilin<\/a>&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Suricata Rules&nbsp;<\/h2>\n\n\n\n<p>In November, we added&nbsp;<strong>2,184 new Suricata rules<\/strong>, strengthening network-level detection for RAT traffic, stealer activity, and modern phishing techniques. These additions expand coverage for TLS fingerprinting and browser-based deception tactics.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"574\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-1024x574.png\" alt=\"\" class=\"wp-image-17063\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-1024x574.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-300x168.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-768x430.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-1536x860.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-370x207.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-270x151.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4-740x414.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/12\/image4.png 1839w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>A Suricata rule used for detecting&nbsp;GravityRAT&nbsp;in ANY.RUN\u2019s Sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/2047f3e6-73db-4771-bd43-a7aaeffbfa2a?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>GravityRAT JA3<\/strong><\/a><strong>&nbsp;<\/strong>(sid:84000202):&nbsp;Identifies&nbsp;GravityRAT&nbsp;network activity by previously unlisted JA3 TLS fingerprint.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d3af3496-9de1-4369-93e7-cd069939090d?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SalatStealer JA3<\/strong><\/a>&nbsp;(sid:84000205):&nbsp;Identifies&nbsp;SalatStealer&nbsp;network activity by previously unlisted JA3 TLS fingerprint.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/app.any.run\/tasks\/d112877b-b6bc-4a8e-b04c-50e2a96cf301?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Browser-in-the-Browser phishing attack<\/strong><\/a>&nbsp;(sid:85005418): Detects a phishing technique that simulates new browser window with legitimate domain within the actual browser window.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, a leading provider of&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktosandboxlanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive malware analysis<\/a>&nbsp;and threat intelligence solutions, is used by more than&nbsp;<strong>500,000 analysts<\/strong>&nbsp;across&nbsp;<strong>15,000 organizations<\/strong>&nbsp;worldwide. The service helps teams investigate threats in real time, follow full execution chains, and surface critical&nbsp;behavior&nbsp;within seconds.&nbsp;<\/p>\n\n\n\n<p>Analysts can detonate samples, interact with them as they run, and&nbsp;immediately&nbsp;pivot into network traces, file system changes, registry activity, and memory artifacts. With continuously updated detection coverage, including new&nbsp;behavioralsignatures, YARA rules, Suricata rules, and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">TI insights<\/a>, teams get faster answers and clearer visibility with less manual effort.&nbsp;<\/p>\n\n\n\n<p>Whether&nbsp;you&#8217;re&nbsp;running day-to-day investigations, handling escalations, or tracking emerging campaigns, ANY.RUN gives SOC teams, DFIR analysts, MSSPs, and researchers a practical way to reduce uncertainty and make decisions with confidence.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=Threat_Coverage_Digest_November_2025&amp;utm_term=011225&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Start your 14-day trial of ANY.RUN today \u2192<\/strong><\/a><strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/strong>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>November was a packed month for detection coverage. We rolled out new&nbsp;behavioral&nbsp;insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report.&nbsp; Let\u2019s&nbsp;walk through [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":17057,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34,40],"class_list":["post-17053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>November 2025 Threat Coverage Insights\u00a0from\u00a0ANY.RUN<\/title>\n<meta name=\"description\" content=\"November updates: TI reports, new\u00a0behavior\u00a0signatures, YARA rules, and 2,184 Suricata additions SOCs should know.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Threat Coverage Digest: New\u00a0Malware Reports and 5K+\u00a0Detection\u00a0Rules\u00a0\",\"datePublished\":\"2025-12-01T10:42:06+00:00\",\"dateModified\":\"2025-12-02T11:01:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/\"},\"wordCount\":917,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/\",\"name\":\"November 2025 Threat Coverage Insights\u00a0from\u00a0ANY.RUN\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-12-01T10:42:06+00:00\",\"dateModified\":\"2025-12-02T11:01:53+00:00\",\"description\":\"November updates: TI reports, new\u00a0behavior\u00a0signatures, YARA rules, and 2,184 Suricata additions SOCs should know.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Coverage Digest: New\u00a0Malware Reports and 5K+\u00a0Detection\u00a0Rules\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"November 2025 Threat Coverage Insights\u00a0from\u00a0ANY.RUN","description":"November updates: TI reports, new\u00a0behavior\u00a0signatures, YARA rules, and 2,184 Suricata additions SOCs should know.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Threat Coverage Digest: New\u00a0Malware Reports and 5K+\u00a0Detection\u00a0Rules\u00a0","datePublished":"2025-12-01T10:42:06+00:00","dateModified":"2025-12-02T11:01:53+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/"},"wordCount":917,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis","malware behavior"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/","name":"November 2025 Threat Coverage Insights\u00a0from\u00a0ANY.RUN","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-12-01T10:42:06+00:00","dateModified":"2025-12-02T11:01:53+00:00","description":"November updates: TI reports, new\u00a0behavior\u00a0signatures, YARA rules, and 2,184 Suricata additions SOCs should know.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/threat-coverage-digest-november-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Threat Coverage Digest: New\u00a0Malware Reports and 5K+\u00a0Detection\u00a0Rules\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17053"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=17053"}],"version-history":[{"count":12,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17053\/revisions"}],"predecessor-version":[{"id":17132,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17053\/revisions\/17132"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/17057"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=17053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=17053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=17053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}