{"id":2120,"date":"2022-04-07T06:51:00","date_gmt":"2022-04-07T06:51:00","guid":{"rendered":"\/cybersecurity-blog\/?p=2120"},"modified":"2025-01-31T07:16:34","modified_gmt":"2025-01-31T07:16:34","slug":"mitm-proxy-fake-net","status":"publish","type":"post","link":"\/cybersecurity-blog\/mitm-proxy-fake-net\/","title":{"rendered":"MITM proxy and FakeNet"},"content":{"rendered":"\n<p>Malware analysts are always eager to expand their malware investigation. Thankfully, modern tools allow researching threats more properly. ANY.RUN sandbox is a service where you complete your task effortlessly with a wealth of data. Today we will talk about two helpful features: MITM proxy and FakeNet, so you can analyze threats even faster and get more information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">MITM proxy for HTTPS&nbsp;<\/h3>\n\n\n\n<p>Different types of malicious content employ a secure connection to communicate with the host servers. And the analysis of that traffic can bring a lot of juicy data essential for SOC work. The HTTP traffic isn\u2019t encrypted and goes via 80 HTTP ports, and if we intercept it, there is no need to do anything else \u2013 all the content is already displayed there.&nbsp;<br><\/p>\n\n\n\n<p>But sometimes it takes some effort to find out the required information. In most cases, malware is more complicated, and it may use HTTPS and 443 port, which is more secure traffic. And this time, the content will be encrypted.&nbsp;<br><\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/-JaI1r10k0QQhh0mmv6uxCsjOPGZ24YcaFeBTXPcEXrrx3WKsmoHbphvlrujum777foArD1M6iAek53WeCsufTPUAhEwA6MJsj6y7qu7Rtm7YRHs478f_vRd6aef4ydXXrLdIoyc\" alt=\"\" style=\"width:801px;height:681px\"\/><figcaption class=\"wp-element-caption\"><em>&nbsp;Network stream with encrypted content&nbsp;<\/em><\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Malware analysts\u2019 goal is to decrypt to reveal hackers\u2019 secrets. And in this very case, the MITM proxy feature comes out.&nbsp;<br><\/p>\n\n\n\n<p>In a man-in-the-middle (MITM) attack scheme, crooks impersonate one of the sides of a two-party transaction, manipulating or stealing data or transfers. MITM proxy is a tool that also imitates one of the sides. MITM proxy is <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=in-house&amp;utm_content=mitm_proxy\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">ANY.RUN<\/a>\u2019s feature for HTTPS traffic analysis. With the MITM feature, you can get:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>full URLs<\/li>\n\n\n\n<li>request headers<\/li>\n\n\n\n<li>content of request and response connections to the C&amp;C server.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How does MITM proxy work? <\/h2>\n\n\n\n<p>Using the Man-in-the-middle feature, you intercept the HTTPS requests. By doing so, this feature gets the keys to decrypt traffic. And during the analysis in real-time, you can monitor the process of HTTPS traffic\u2019s decryption. In the Connections and HTTP requests, information is displayed conveniently. Click on the content from different packets, IPs, and URLs. And most of the time, content is available for research. You can see where and what was collected by the crooks. The information will be readable and not just a set of numbers or symbols.\u00a0<br><\/p>\n\n\n\n<p>For example, <a href=\"https:\/\/app.any.run\/tasks\/86b28b4d-7e2b-42f0-957e-8f3776c5b7e5\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">the following sample<\/a> contains a <a href=\"https:\/\/any.run\/cybersecurity-blog\/phising-types-of-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">phishing <\/a>form. And if we input fake data, it will be displayed in the HTTP Connection section owing to the HTTPS MITM Proxy feature.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/VOroUVzdLzmTGHUJYhLCwGyE2RMBCDKBNodzhH4nslA-Pkr4h3V1-ycKXkIT0mzkdWKiVamt204jPCMDxEjTFq1nfvEwi822Z4kxojeT_G4oMUWQCihIKZrHG4lFzQ6qBiJ9weJ1\" alt=\"\"\/><figcaption class=\"wp-element-caption\">Input data display with HTTPS MITM Proxy feature<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>When the analysis is completed, you can save HTTPS conversations and download the PCAP file with the sample\u2019s traffic. Moreover, the investigation with MITM proxy gives an opportunity to get SSL keys that you can use for further analysis, decryption, or replay in tools such as Wireshark.&nbsp;<br><\/p>\n\n\n\n<p>We recommend watching an example of <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/app.any.run\/tasks\/b842b83f-178c-40a7-ad05-40456abf7f2d\/\" target=\"_blank\" rel=\"noreferrer noopener\">Danabot sample<\/a> analysis showing how to use MITM HTTPS proxy.<br><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How to decrypt HTTPS traffic with ANY.RUN on the Danabot sample\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/Kt-ym8sCP3U?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>To sum it up, the MITM proxy feature is an essential part of malware analysis. IPs, URLs, and stolen data can be tracked, monitored, and investigated more properly. Moreover, you get a complete and detailed picture of the malicious sample\u2019s intentions and activities.&nbsp;<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">FakeNet<\/h2>\n\n\n\n<p>Besides the MITM proxy, there is one more feature that you can work with while investigating the network traffic \u2013\u00a0 the FakeNet functionality. Sometimes malware, after the infection, tries to send some packets. And if it doesn\u2019t get a response, the malicious software may hide for a while and stay undetected or even stop execution. To trigger advanced threats, ANY.RUN has the FakeNet feature to answer malicious file requests. It creates answers for malware automatically by redirecting network traffic and simulating real network services.\u00a0<br><\/p>\n\n\n\n<p>Let\u2019s take a look at the <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/app.any.run\/tasks\/7b8434ed-5099-412f-b7e2-4ffbb7fcfb71\/\" target=\"_blank\">Emotet sample<\/a>. There is a list of 15 or more URLs from which the malicious document tried to download the main payload. If we run a sample in the isolated network, we can trigger only one address, while others stay invisible or even get deleted. But if we turn on FakeNet, it answers and returns a 404 answer. In this case, Emotet understands that a useful load has been deleted from the server, and it can take the next URL from the list until all of them are used.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/GKB6vS1pmdmcp6CQ11ePMxJOBDBz3PedI72XYjE_4afiuQRGUdfR2OZkoTAbScWSt-R2GFmItK9VXIXAsKdEE9hEdzmfmeezT4hBVDGHPT3cVcsm8n5Ga6q5lDecvN-IkA1z5ff3\" alt=\"\"\/><figcaption class=\"wp-element-caption\"><em>HTTP Requests with MITM proxy<\/em><br><\/figcaption><\/figure>\n\n\n\n<p>FakeNet saves malware analysts time: you don\u2019t need to look for a special tool, download it and install it for this matter. Everything is already here in your virtual machine. Maximum information will be extracted automatically, without any effort.&nbsp;<br><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to use MITM proxy and FakeNet in ANY.RUN?<\/h3>\n\n\n\n<p>ANY.RUN has a bunch of configurations so that you can customize your virtual machine for analysis easily and fast. <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/app.any.run\/?_ga=2.111214916.1161750649.1644836249-2074291658.1644836249\" target=\"_blank\">Create a new task<\/a> and switch to the Pro mode. And here comes the good stuff: you can do whatever you want and make a specific VM for your objectives. But this time, we focus on the Network block. And that\u2019s pretty much it. Choose a feature you need, or get both of them \u2013 check the MITM proxy and FakeNet boxes.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/7b4LIu-RmTATCcImGey66dxcDlc3klXfuhu-6S9CCc_YzHnbTi7QVn1uG7n4tosVdSIOrZBHPzPvM2QCwvP7yha4-p8Ad38bneQy1DQh_k1VH8cNnI57yBKohk9lK9wW0-UPS50W\" alt=\"\"\/><figcaption class=\"wp-element-caption\"><em>Create a task using MITM proxy and FakeNet<\/em><br><\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>The next step is to run a task. And owing to the <a href=\"https:\/\/any.run\/cybersecurity-blog\/instant-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Instant access technique<\/a>, you start the analysis immediately. Right now, we need to focus on the HTTP Request in the Network block. You can find it in the first section right under the interaction field.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/yxHqau-Qo5ukrmB3hW5Sy7W_GDnq2g6Ix_20tQu6m7z8bsCWtkr0ood0Oj41mndCIYYxcMvqkc65TBicw_fjqXUjweIUsHeSGhr2vz4rp2180NuknA63UgMbB9gpKyUki8KI1a9b\" alt=\"\"\/><figcaption class=\"wp-element-caption\"><em>A finished task in ANY.RUN<\/em><br><\/figcaption><\/figure>\n\n\n\n<p>Feel free to ask questions in the comments and leave your feedback if the MITM proxy HTTPS communication analysis tool and FakeNet help you out in your work!\u00a0<br><\/p>\n\n\n\n<p>What ANY.RUN feature should we cover next?&nbsp; <br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware analysts are always eager to expand their malware investigation. Thankfully, modern tools allow researching threats more properly. ANY.RUN sandbox is a service where you complete your task effortlessly with a wealth of data. Today we will talk about two helpful features: MITM proxy and FakeNet, so you can analyze threats even faster and get [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3683,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,34],"class_list":["post-2120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>MITM proxy and FakeNet - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"How to track the stolen data and get more info with MITM proxy &amp; FakeNet? Read the post to get a complete picture of the malicious intentions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"ANY.RUN\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"MITM proxy and FakeNet\",\n\t            \"datePublished\": \"2022-04-07T06:51:00+00:00\",\n\t            \"dateModified\": \"2025-01-31T07:16:34+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\"\n\t            },\n\t            \"wordCount\": 943,\n\t            \"commentCount\": 2,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"malware analysis\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Cybersecurity Lifehacks\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\",\n\t            \"name\": \"MITM proxy and FakeNet - ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2022-04-07T06:51:00+00:00\",\n\t            \"dateModified\": \"2025-01-31T07:16:34+00:00\",\n\t            \"description\": \"How to track the stolen data and get more info with MITM proxy & FakeNet? Read the post to get a complete picture of the malicious intentions.\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Cybersecurity Lifehacks\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"MITM proxy and FakeNet\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MITM proxy and FakeNet - ANY.RUN&#039;s Cybersecurity Blog","description":"How to track the stolen data and get more info with MITM proxy & FakeNet? Read the post to get a complete picture of the malicious intentions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"MITM proxy and FakeNet","datePublished":"2022-04-07T06:51:00+00:00","dateModified":"2025-01-31T07:16:34+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/"},"wordCount":943,"commentCount":2,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","malware analysis"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/","url":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/","name":"MITM proxy and FakeNet - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2022-04-07T06:51:00+00:00","dateModified":"2025-01-31T07:16:34+00:00","description":"How to track the stolen data and get more info with MITM proxy & FakeNet? Read the post to get a complete picture of the malicious intentions.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"MITM proxy and FakeNet"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/2120"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=2120"}],"version-history":[{"count":4,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/2120\/revisions"}],"predecessor-version":[{"id":11399,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/2120\/revisions\/11399"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/3683"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=2120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=2120"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=2120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}