{"id":2546,"date":"2016-08-24T16:08:36","date_gmt":"2016-08-24T09:08:36","guid":{"rendered":"https:\/\/humanit.asia\/?p=2546"},"modified":"2019-07-22T15:01:34","modified_gmt":"2019-07-22T08:01:34","slug":"zepto-evasion-techniques","status":"publish","type":"post","link":"https:\/\/old.humanit.asia\/th\/zepto-evasion-techniques\/","title":{"rendered":"Zepto Evasion Techniques"},"content":{"rendered":"<div>\n<p>We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like <a href=\"https:\/\/blog.threattrack.com\/donoff-malicious-macro-zepto\/\">earlier posts<\/a>, we\u2019re seeing infected attachments with malicious macro scripts used as the entry point for the threat actor. (See images below of some recent spam samples.)<\/p>\n<p>As we dig deeper into our analysis, we found out that these macro scripts are not crafted manually. The malware authors have automated the creation and obfuscation of their code. This type of random obfuscation is one way of evading antivirus engines. As outlined below, our research highlights several methods employed to dynamically evolve the attack vector to circumvent detection.<\/p>\n<p>From the malicious emails we have gathered, we will examine the attachments to analyze key differences and common characteristics.<\/p>\n<p style=\"text-align: center;\">The malicious code was written and spread across the 3 sub modules:<\/p>\n<p><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-15926 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png\" sizes=\"(max-width: 744px) 100vw, 744px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png 744w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2-300x119.png 300w\" alt=\"zepto automation\" width=\"744\" height=\"295\" \/><\/a><\/p>\n<p style=\"text-align: center;\">5 sub modules are being used for the malicious code:<\/p>\n<p><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb2.png\"><img decoding=\"async\" class=\"aligncenter wp-image-15928 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb2.png\" sizes=\"(max-width: 702px) 100vw, 702px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb2.png 702w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb2-300x157.png 300w\" alt=\"zepto obfuscation \" width=\"702\" height=\"367\" \/><\/a><\/p>\n<p>Examining the sub modules of the file shows that it has some common signatures that we can look for:<\/p>\n<p><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb3-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-15931 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb3-1.png\" sizes=\"(max-width: 740px) 100vw, 740px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb3-1.png 740w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb3-1-300x163.png 300w\" alt=\"zepto code\" width=\"740\" height=\"402\" \/><\/a><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb4-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15933 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb4-1.png\" sizes=\"(max-width: 766px) 100vw, 766px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb4-1.png 766w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb4-1-300x161.png 300w\" alt=\"zepto hidden code \" width=\"766\" height=\"410\" \/><\/a><\/p>\n<p>We were able to find blocks of code that shares common structures. Remember that these codes were found on a different part or index of the module. From programmer\u2019s perspective, this may seem a little odd to see codes like this, but as the analysis continues, we can say that this is just one part of the malware author\u2019s strategy\u00a0to hide the code and confuse incident responders.<\/p>\n<p>Notice the highlighted strings from both screenshots that are common across\u00a0the two samples. At first glance, some significant strings can be formed only if the garbage strings such as:<\/p>\n<ul>\n<li>\u201cRIIM\u201d<\/li>\n<li>\u201cPORKKI\u201d<\/li>\n<\/ul>\n<p>were removed or replaced, they can be formed as:<\/p>\n<ul>\n<li>\u201cmicrosoft\u201d<\/li>\n<li>\u201cAdodb.stream\u201d<\/li>\n<li>\u201cscript\u201d<\/li>\n<li>\u201capplication\u201d<\/li>\n<\/ul>\n<p>Additionally, and maybe more significant,\u00a0is the activity of these scripts. You will also notice the highlighted strings are surrounded by what we can now assume are garbage code for misdirection and to further obfuscate malicious code.<\/p>\n<p>Basically, the usual flow of the scripts analyzed will go like this:<\/p>\n<p><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/flowchart.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15935 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/flowchart.png\" sizes=\"(max-width: 163px) 100vw, 163px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/flowchart.png 163w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/flowchart-105x300.png 105w\" alt=\"zepto infection process\" width=\"163\" height=\"467\" \/><\/a><\/p>\n<p>At this point, the payload of the downloaded Zepto ransomware will take over.<\/p>\n<p>As observed with the Zepto downloaders, the scripts also varies with the encrypted URLs. Below are some of the URLs from which the monitored scripts attempted to download Zepto. Imagine how many of them are generated and how many various structured scripts are available in the wild. Zepto is not only distributed through macro scripts, there are also JavaScrip and <a href=\"https:\/\/blog.threattrack.com\/ransomware-packed-into-wsf-spam\/\">wsf script\u00a0<\/a>downloaders.<\/p>\n<p><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/URLs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15937 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/URLs.png\" sizes=\"(max-width: 369px) 100vw, 369px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/URLs.png 369w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/URLs-300x237.png 300w\" alt=\"zepto download links\" width=\"369\" height=\"292\" \/><\/a><\/p>\n<p>With\u00a0some twists of social engineering, creativity and advanced programming skills, cybercriminals are becoming increasingly adept at delivering Zepto and other ransomware payloads to both business and home users.<\/p>\n<p><a href=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/infected.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15939 size-full\" src=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/infected.png\" sizes=\"(max-width: 424px) 100vw, 424px\" srcset=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/infected.png 424w, https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/infected-300x135.png 300w\" alt=\"zepto infection screen\" width=\"424\" height=\"191\" \/><\/a><\/p>\n<p><strong>Prevent Ransomware Infections?<\/strong><\/p>\n<p>To prevent ransomware, we recommended you block it early from the root of its infection chain. Here are some tips:<\/p>\n<ul>\n<li>Always keep your operating system, applications and security products patched and up to date<\/li>\n<li>Take precaution when opening attachments, especially when sent by an unknown sender<\/li>\n<li>Never enable VBA macros by default for any Microsoft Office application. Some macro malwares even tell you how to enable macros or may mislead you in doing so.<\/li>\n<li>Deploy solutions that protect you from sophisticated and pervasive threats like ransomware, including <a class=\"external\" href=\"https:\/\/www.vipreantivirus.com\/business\/endpoint-security.aspx\" target=\"_blank;do_not_match_current_window_name;_ga=GA1.2.1518663524.1461084063;__roit=0;_ga=GA1.2.1518663524.1461084063;__roiNonDirect=true;;do_not_match_current_window_name;_ga=GA1.2.1518663524.1461084063;__roit=0;_ga=GA1.2.1518663524.1461084063;__roiNonDirect=true;\" rel=\"noopener noreferrer\">advanced endpoint protection<\/a> like VIPRE Endpoint Security, a <a href=\"https:\/\/www.threattrack.com\/malware-analysis.aspx\">malware behavior analysis tool<\/a> like ThreatAnalyzer, and solutions to detect and disrupt active cyber attacks like\u00a0<a href=\"https:\/\/www.threattrack.com\/network-security-threats.aspx\">ThreatSecure<\/a><\/li>\n<li>Regularly back up your data<\/li>\n<\/ul>\n<p>VIPRE Antivirus Detections for this threat include:<\/p>\n<ul>\n<li>Trojan-Downloader.O97M.Donoff.by (v)<\/li>\n<li>Trojan-Downloader.O97M.Donoff.bu (v)<\/li>\n<li>OLE.Generic.a (v)<\/li>\n<\/ul>\n<p>Md5:<br \/>\nbb1ddad0780314a8dd51a4740727aba5<br \/>\n7e9657149c0062751c96baf00c89a57a<\/p>\n<p>Reference:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"C2MmWiakf1\"><p><a href=\"https:\/\/blog.threattrack.com\/ransomware-packed-into-wsf-spam\/\">Zepto Ransomware Packed into WSF Spam<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" title=\"\u201cZepto Ransomware Packed into WSF Spam\u201d \u2014 ThreatTrack Security Labs Blog\" src=\"https:\/\/blog.threattrack.com\/ransomware-packed-into-wsf-spam\/embed\/#?secret=C2MmWiakf1\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" sandbox=\"allow-scripts\" data-secret=\"C2MmWiakf1\"><\/iframe><\/p>\n<p>Analysis by Daryl Tupaz<\/p>\n<p>The post <a href=\"https:\/\/blog.threattrack.com\/understanding-zepto-evasion-techniques\/\" rel=\"nofollow\">Zepto Evasion Techniques<\/a> appeared first on <a href=\"https:\/\/blog.threattrack.com\/\" rel=\"nofollow\">ThreatTrack Security Labs Blog<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/threattracksecurity\/~4\/xtQsUbqXveY\" alt=\"\" width=\"1\" height=\"1\" \/><\/p>\n<\/div>\n<p class=\"wpematico_credit\"><small>Powered by <a href=\"http:\/\/www.wpematico.com\" target=\"_blank\" rel=\"noopener noreferrer\">WPeMatico<\/a><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve been tracking some more spam dropping Zepto ranso [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[],"class_list":["post-2546","post","type-post","status-publish","format-standard","hentry","category-security-th"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Zepto Evasion Techniques - humanit managed services<\/title>\n<meta name=\"description\" content=\"We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we\u2019re seeing infected attachments\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/old.humanit.asia\/xtqsubqxvey\/\" \/>\n<meta property=\"og:locale\" content=\"th_TH\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zepto Evasion Techniques - humanit managed services\" \/>\n<meta property=\"og:description\" content=\"We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we\u2019re seeing infected attachments\" \/>\n<meta property=\"og:url\" content=\"https:\/\/old.humanit.asia\/xtqsubqxvey\/\" \/>\n<meta property=\"og:site_name\" content=\"humanit managed services\" \/>\n<meta property=\"article:published_time\" content=\"2016-08-24T09:08:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-22T08:01:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png\" \/>\n<meta name=\"author\" content=\"Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u0e19\u0e32\u0e17\u0e35\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/th\\\/zepto-evasion-techniques\\\/\"},\"author\":{\"name\":\"Admin\",\"@id\":\"https:\\\/\\\/old.old.humanit.asia\\\/#\\\/schema\\\/person\\\/e7a3d665ee9cc6526fb6fdc92f4eb09c\"},\"headline\":\"Zepto Evasion Techniques\",\"datePublished\":\"2016-08-24T09:08:36+00:00\",\"dateModified\":\"2019-07-22T08:01:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/th\\\/zepto-evasion-techniques\\\/\"},\"wordCount\":614,\"image\":{\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.threattrack.com\\\/wp-content\\\/uploads\\\/2016\\\/08\\\/vb1-2.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"th\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/th\\\/zepto-evasion-techniques\\\/\",\"url\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/\",\"name\":\"Zepto Evasion Techniques - humanit managed services\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/old.old.humanit.asia\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.threattrack.com\\\/wp-content\\\/uploads\\\/2016\\\/08\\\/vb1-2.png\",\"datePublished\":\"2016-08-24T09:08:36+00:00\",\"dateModified\":\"2019-07-22T08:01:34+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/old.old.humanit.asia\\\/#\\\/schema\\\/person\\\/e7a3d665ee9cc6526fb6fdc92f4eb09c\"},\"description\":\"We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we\u2019re seeing infected attachments\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#breadcrumb\"},\"inLanguage\":\"th\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"th\",\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.threattrack.com\\\/wp-content\\\/uploads\\\/2016\\\/08\\\/vb1-2.png\",\"contentUrl\":\"https:\\\/\\\/blog.threattrack.com\\\/wp-content\\\/uploads\\\/2016\\\/08\\\/vb1-2.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/old.humanit.asia\\\/xtqsubqxvey\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/old.humanit.asia\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zepto Evasion Techniques\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/old.old.humanit.asia\\\/#website\",\"url\":\"https:\\\/\\\/old.old.humanit.asia\\\/\",\"name\":\"humanit managed services\",\"description\":\"making technology easy\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/old.old.humanit.asia\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"th\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/old.old.humanit.asia\\\/#\\\/schema\\\/person\\\/e7a3d665ee9cc6526fb6fdc92f4eb09c\",\"name\":\"Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"th\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d8f90c345033af4c0eb51ef25202eced8799a4331f9c232149e984d2570105b?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d8f90c345033af4c0eb51ef25202eced8799a4331f9c232149e984d2570105b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d8f90c345033af4c0eb51ef25202eced8799a4331f9c232149e984d2570105b?s=96&d=mm&r=g\",\"caption\":\"Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zepto Evasion Techniques - humanit managed services","description":"We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we\u2019re seeing infected attachments","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/old.humanit.asia\/xtqsubqxvey\/","og_locale":"th_TH","og_type":"article","og_title":"Zepto Evasion Techniques - humanit managed services","og_description":"We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we\u2019re seeing infected attachments","og_url":"https:\/\/old.humanit.asia\/xtqsubqxvey\/","og_site_name":"humanit managed services","article_published_time":"2016-08-24T09:08:36+00:00","article_modified_time":"2019-07-22T08:01:34+00:00","og_image":[{"url":"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png","type":"","width":"","height":""}],"author":"Admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Admin","Est. reading time":"3 \u0e19\u0e32\u0e17\u0e35"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#article","isPartOf":{"@id":"https:\/\/old.humanit.asia\/th\/zepto-evasion-techniques\/"},"author":{"name":"Admin","@id":"https:\/\/old.old.humanit.asia\/#\/schema\/person\/e7a3d665ee9cc6526fb6fdc92f4eb09c"},"headline":"Zepto Evasion Techniques","datePublished":"2016-08-24T09:08:36+00:00","dateModified":"2019-07-22T08:01:34+00:00","mainEntityOfPage":{"@id":"https:\/\/old.humanit.asia\/th\/zepto-evasion-techniques\/"},"wordCount":614,"image":{"@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png","articleSection":["Security"],"inLanguage":"th"},{"@type":"WebPage","@id":"https:\/\/old.humanit.asia\/th\/zepto-evasion-techniques\/","url":"https:\/\/old.humanit.asia\/xtqsubqxvey\/","name":"Zepto Evasion Techniques - humanit managed services","isPartOf":{"@id":"https:\/\/old.old.humanit.asia\/#website"},"primaryImageOfPage":{"@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#primaryimage"},"image":{"@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png","datePublished":"2016-08-24T09:08:36+00:00","dateModified":"2019-07-22T08:01:34+00:00","author":{"@id":"https:\/\/old.old.humanit.asia\/#\/schema\/person\/e7a3d665ee9cc6526fb6fdc92f4eb09c"},"description":"We\u2019ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we\u2019re seeing infected attachments","breadcrumb":{"@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#breadcrumb"},"inLanguage":"th","potentialAction":[{"@type":"ReadAction","target":["https:\/\/old.humanit.asia\/xtqsubqxvey\/"]}]},{"@type":"ImageObject","inLanguage":"th","@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#primaryimage","url":"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png","contentUrl":"https:\/\/blog.threattrack.com\/wp-content\/uploads\/2016\/08\/vb1-2.png"},{"@type":"BreadcrumbList","@id":"https:\/\/old.humanit.asia\/xtqsubqxvey\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/old.humanit.asia\/"},{"@type":"ListItem","position":2,"name":"Zepto Evasion Techniques"}]},{"@type":"WebSite","@id":"https:\/\/old.old.humanit.asia\/#website","url":"https:\/\/old.old.humanit.asia\/","name":"humanit managed services","description":"making technology easy","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/old.old.humanit.asia\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"th"},{"@type":"Person","@id":"https:\/\/old.old.humanit.asia\/#\/schema\/person\/e7a3d665ee9cc6526fb6fdc92f4eb09c","name":"Admin","image":{"@type":"ImageObject","inLanguage":"th","@id":"https:\/\/secure.gravatar.com\/avatar\/2d8f90c345033af4c0eb51ef25202eced8799a4331f9c232149e984d2570105b?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2d8f90c345033af4c0eb51ef25202eced8799a4331f9c232149e984d2570105b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d8f90c345033af4c0eb51ef25202eced8799a4331f9c232149e984d2570105b?s=96&d=mm&r=g","caption":"Admin"}}]}},"_links":{"self":[{"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/posts\/2546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/comments?post=2546"}],"version-history":[{"count":2,"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/posts\/2546\/revisions"}],"predecessor-version":[{"id":2868,"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/posts\/2546\/revisions\/2868"}],"wp:attachment":[{"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/media?parent=2546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/categories?post=2546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/old.humanit.asia\/th\/wp-json\/wp\/v2\/tags?post=2546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}