{"id":5938,"date":"2023-10-10T06:58:15","date_gmt":"2023-10-10T06:58:15","guid":{"rendered":"\/cybersecurity-blog\/?p=5938"},"modified":"2023-10-10T08:19:42","modified_gmt":"2023-10-10T08:19:42","slug":"malware-trends-q3-2023","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/","title":{"rendered":"Malware Trends Report: Q3, 2023\u00a0"},"content":{"rendered":"\n<p>Welcome to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=trendsq32023&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&#8216;s Q2 2023 malware trends analysis \u2014 our latest quarterly update on prevalent malware families, types, and TTPs.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary&nbsp;<\/h2>\n\n\n\n<p>This quarterly review for Q3 2023 shows that ANY.RUN\u2019s users processed a total of 728,758 submissions. Out of these, we identified 170,238 tasks, accounting for 23.4%, as malicious, and an additional 28,205 tasks (3.9%) as suspicious.&nbsp;<\/p>\n\n\n\n<p>Compared to <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q2-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">the previous quarter<\/a>, the percentage of tasks classified as malicious has dropped slightly from 29.9% to 23.4%. Tasks marked as suspicious have decreased in percentage from 4.5% to 3.9%.\u00a0<\/p>\n\n\n\n<p>As for Indicators of Compromise (IOCs), our users collected a staggering 48,932,710 unique IOCs and a cumulative total of 205,293,054 IOCs this quarter. This shows an increase in unique IOCs from approximately 45 million last quarter.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-1024x567.jpg\" alt=\"\" class=\"wp-image-5948\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-1024x567.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-300x166.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-768x425.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-370x205.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-270x149.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023-740x410.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Review-IN-Q3-2023.jpg 1263w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In this report, we\u2019ll:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Explore which malware types and families were the most used in Q3 2023, according to ANY.RUN\u2019s data&nbsp;&nbsp;<\/li>\n\n\n\n<li>Provide insights into the most used MITRE ATT&amp;CK TTPs this quarter&nbsp;&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Let\u2019s get started.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Types in Q3 2023&nbsp;<\/h2>\n\n\n\n<p>Let&#8217;s examine the most common malware types processed by the ANY.RUN sandbox. Given the large dataset we&#8217;re working with, this offers insight into the threats your organization is most likely to face.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-1024x538.jpg\" alt=\"\" class=\"wp-image-5947\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-1.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li><strong>Loader: <\/strong>6203&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Stealer: <\/strong>5423&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>RAT: <\/strong>3963&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Ransomware: <\/strong>3283&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Trojan: <\/strong>2426&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>Installer: <\/strong>2198&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li><strong>Keylogger: <\/strong>752&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"8\">\n<li><strong>Backdoor: <\/strong>545&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"9\">\n<li><strong>Miner<\/strong>: 231&nbsp;<\/li>\n<\/ol>\n\n\n\n<p><strong>Highlights<\/strong>&nbsp;<\/p>\n\n\n\n<p>In Q3 2023, the top three most uploaded types of malware were Loader, Stealer, and RAT, showing a shift in the landscape compared to Q2 2023, where RAT, Loader, and <a href=\"https:\/\/any.run\/malware-trends\/trojan\" target=\"_blank\" rel=\"noreferrer noopener\">Trojan<\/a> were the leaders.\u00a0<\/p>\n\n\n\n<p>Specifically, Loader instances remained high but showed a slight decrease, going from 5685 in Q2 to 6203 this quarter. That&#8217;s a 9.1% increase, which is notable but not as dramatic as some of the shifts we&#8217;ve seen. Stealer has emerged as a major player, with 5423 instances, but wasn&#8217;t a top-three contender in Q2. RAT instances decreased from 5974 in Q2 to 3963 in Q3, marking a 33.6% drop.&nbsp;<\/p>\n\n\n\n<p>In a noteworthy trend, Ransomware moved to the fourth position with 3283 instances, but it&#8217;s Trojan that experienced the most dramatic decrease among the previous top three, dropping from 4246 in Q2 to 2426 this quarter, a decline of 42.9%.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Families in Q3 2023&nbsp;<\/h2>\n\n\n\n<p>The leading malware families typically remain stable, but this quarter saw a shift in the top 3 rankings. Here&#8217;s the rundown:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-1024x538.jpg\" alt=\"\" class=\"wp-image-5949\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-1024x538.jpg 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-300x158.jpg 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-768x403.jpg 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-1536x806.jpg 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-370x194.jpg 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-270x142.jpg 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2-740x389.jpg 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/Top-trends-Q3-2.jpg 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li><strong>RedLine<\/strong>: 2312&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>AgentTesla<\/strong>: 1524&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>NjRAT: <\/strong>1092&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Remcos<\/strong>: 772&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Amadey<\/strong>: 754&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>AsyncRAT<\/strong>: 708&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li><strong>Vidar<\/strong>: 471&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"8\">\n<li><strong>Formbook<\/strong>: 454&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"9\">\n<li><strong>DCRat: <\/strong>398&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"10\">\n<li><strong>Smoke Loader<\/strong>: 258&nbsp;<\/li>\n<\/ol>\n\n\n\n<p><strong>Highlights<\/strong>&nbsp;<\/p>\n\n\n\n<p>In Q3 2023, the top malware families were RedLine, AgentTesla, and NjRAT. This shakes up the usual top three \u2014 <a href=\"https:\/\/any.run\/malware-trends\/remcos\" target=\"_blank\" rel=\"noreferrer noopener\">Remcos<\/a> held the spot for the second most common malware in the previous quarter.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/redline\" target=\"_blank\" rel=\"noreferrer noopener\">RedLine<\/a>, although still the most prevalent, saw a notable drop in instances, decreasing 32.3% from 3415 in Q2 to 2312 this quarter. This reverses the previous surge we saw last quarter.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/agenttesla\" target=\"_blank\" rel=\"noreferrer noopener\">AgentTesla<\/a> catapulted into the second spot with 1542 instances, replacing Remcos, which moved down to the fourth position with 772 instances\u2014a drop of 43.6% from 1368 in Q2.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/njrat\" target=\"_blank\" rel=\"noreferrer noopener\">NjRAT<\/a> remains in the top three but witnessed a minor decline in instances, decreasing from 1142 in Q2 to 1092 in Q3, a 4.4% reduction.<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nAnalyze malware and <span class=\"highlight\">collect IOCs<\/span> in ANY.RUN&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/#register\" rel=\"noopener\" target=\"_blank\">\nCreate free account\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Top MITRE ATT&amp;CK techniques in Q2 2023&nbsp;<\/h2>\n\n\n\n<p>MITRE ATT&amp;CK is a globally recognized framework that categorizes various adversary behaviors into tactics and techniques. It serves as a vital resource for malware analysts to identify, assess, and counter threats more effectively.&nbsp;<\/p>\n\n\n\n<p>In ANY.RUN, malware behaviors are automatically mapped to techniques, enabling us to compile this list:\u00a0<\/p>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-31\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"21\"\n           data-wpID=\"31\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-align-center\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        MITRE ATT&CK Technique\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-align-center\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Count\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1036.005 Masquerading: Match Legitimate Name or Location\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        151,442\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1518.001 Software Discovery: Security Software Discovery\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        108,077\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1569.002 System Services: Service Execution\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        30,215\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1114.001 Email Collection: Local Email Collection\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        27,329\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1497.003 Virtualization\/Sandbox Evasion: Time-Based Evasion\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        22,407\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1053.005 Scheduled Task\/Job: Scheduled Task\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        20,291\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.003 Command and Scripting Interpreter: Windows Command Shell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        17,788\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1218.011 Signed Binary Proxy Execution: Rundll32\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        17,764\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1562.001 Impair Defenses: Disable or Modify Tools\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        12,948\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A11\"\n                    data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1204.002 User Execution: Malicious File\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        9,186\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A12\"\n                    data-col-index=\"0\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.001 Command and Scripting Interpreter: PowerShell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B12\"\n                    data-col-index=\"1\"\n                    data-row-index=\"11\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        7,715\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A13\"\n                    data-col-index=\"0\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1547.001 Boot or Logon Autostart Execution: Registry Run Keys \/ Startup Folder\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B13\"\n                    data-col-index=\"1\"\n                    data-row-index=\"12\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5,612\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A14\"\n                    data-col-index=\"0\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.005 Command and Scripting Interpreter: Visual Basic\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B14\"\n                    data-col-index=\"1\"\n                    data-row-index=\"13\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        4,871\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A15\"\n                    data-col-index=\"0\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1574.002 Hijack Execution Flow: DLL Side-Loading\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B15\"\n                    data-col-index=\"1\"\n                    data-row-index=\"14\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        4,126\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A16\"\n                    data-col-index=\"0\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1222.001 File and Directory Permissions: Linux and Mac File and Directory Permissions Modification\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B16\"\n                    data-col-index=\"1\"\n                    data-row-index=\"15\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3,364\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A17\"\n                    data-col-index=\"0\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1059.007 Command and Scripting Interpreter: JavaScript\/JScript\t\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B17\"\n                    data-col-index=\"1\"\n                    data-row-index=\"16\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2,410\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A18\"\n                    data-col-index=\"0\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1564.001 Hidden Files and Directories: Hidden Files and Directories\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B18\"\n                    data-col-index=\"1\"\n                    data-row-index=\"17\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2,352\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A19\"\n                    data-col-index=\"0\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1562.006 Impair Defenses: Disable or Modify Tools\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B19\"\n                    data-col-index=\"1\"\n                    data-row-index=\"18\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1,890\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A20\"\n                    data-col-index=\"0\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1546.015 Event Triggered Execution: Accessibility Features\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B20\"\n                    data-col-index=\"1\"\n                    data-row-index=\"19\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1,868\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"A21\"\n                    data-col-index=\"0\"\n                    data-row-index=\"20\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        T1564.003 Hidden Files and Directories: Hidden Users\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell wpdt-align-left\"\n                                            data-cell-id=\"B21\"\n                    data-col-index=\"1\"\n                    data-row-index=\"20\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1,766\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-31'>\ntable#wpdtSimpleTable-31{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-31 td, table.wpdtSimpleTable31 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p><strong>Highlights<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T1036.005, Masquerading: Match Legitimate Name or Location, made a significant return to the top spot with 151,442 instances. This is notable since it was absent from the top ten in Q2.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T1518.001, Software Discovery: Security Software Discovery, entered the list as the second most prevalent technique with 108,077 instances, marking its first appearance in the top ranks.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T1569.002, System Services: Service Execution, also a new entry, takes the third spot with 30,215 instances.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T1059.003, Command and Scripting Interpreter: Windows Command Shell, although it increased to 17,788 instances, moved down from the most prevalent in Q2 to a lower rank in Q3.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>T1059.001, Command and Scripting Interpreter: PowerShell, the second most prevalent technique in Q2, is notably missing from the top ten this quarter.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Report methodology<\/h2>\n\n\n\n<p>We&#8217;ve analyzed data from 728,758 tasks submitted to our <a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=trendsq32023&amp;utm_content=publicsubmissions\" target=\"_blank\" rel=\"noreferrer noopener\">public threat database<\/a>. This data comes from a wide range of researchers who have chosen to make their findings public.\u00a0<\/p>\n\n\n\n<p>ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Request a demo today and enjoy 14 days of free access to our Enterprise plan.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=trendsq32023&amp;utm_content=demo\" target=\"_blank\" rel=\"noreferrer noopener\">Request demo \u2192<\/a>\u00a0\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN&#8216;s Q2 2023 malware trends analysis \u2014 our latest quarterly update on prevalent malware families, types, and TTPs.\u00a0 Summary&nbsp; This quarterly review for Q3 2023 shows that ANY.RUN\u2019s users processed a total of 728,758 submissions. Out of these, we identified 170,238 tasks, accounting for 23.4%, as malicious, and an additional 28,205 tasks (3.9%) [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":5945,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,15],"class_list":["post-5938","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malware Trends Report: Q3, 2023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Explore the key malware trends in Q3 2023. Discover the top malware types and families, as well as the most common MITRE ATT&amp;CK techniques.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vlad Ananin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\"},\"author\":{\"name\":\"Vlad Ananin\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Malware Trends Report: Q3, 2023\u00a0\",\"datePublished\":\"2023-10-10T06:58:15+00:00\",\"dateModified\":\"2023-10-10T08:19:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\"},\"wordCount\":808,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\",\"name\":\"Malware Trends Report: Q3, 2023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-10-10T06:58:15+00:00\",\"dateModified\":\"2023-10-10T08:19:42+00:00\",\"description\":\"Explore the key malware trends in Q3 2023. Discover the top malware types and families, as well as the most common MITRE ATT&CK techniques.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malware Trends Report: Q3, 2023\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Vlad Ananin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\"caption\":\"Vlad Ananin\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malware Trends Report: Q3, 2023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","description":"Explore the key malware trends in Q3 2023. Discover the top malware types and families, as well as the most common MITRE ATT&CK techniques.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/","twitter_misc":{"Written by":"Vlad Ananin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/"},"author":{"name":"Vlad Ananin","@id":"https:\/\/any.run\/"},"headline":"Malware Trends Report: Q3, 2023\u00a0","datePublished":"2023-10-10T06:58:15+00:00","dateModified":"2023-10-10T08:19:42+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/"},"wordCount":808,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/","url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/","name":"Malware Trends Report: Q3, 2023\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-10-10T06:58:15+00:00","dateModified":"2023-10-10T08:19:42+00:00","description":"Explore the key malware trends in Q3 2023. Discover the top malware types and families, as well as the most common MITRE ATT&CK techniques.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-q3-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"Malware Trends Report: Q3, 2023\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Vlad Ananin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","caption":"Vlad Ananin"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5938"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=5938"}],"version-history":[{"count":7,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5938\/revisions"}],"predecessor-version":[{"id":5957,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5938\/revisions\/5957"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/5945"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=5938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=5938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=5938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}