{"id":5768,"date":"2020-12-15T12:40:46","date_gmt":"2020-12-15T20:40:46","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5768"},"modified":"2024-04-26T13:21:03","modified_gmt":"2024-04-26T20:21:03","slug":"avemaria-rat-malspam-campaign","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/","title":{"rendered":"AveMaria RAT Malspam Campaign"},"content":{"rendered":"

Author: Yadu Nadh
\nTLP: WHITE<\/p>\n

Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).<\/p>\n

We previously reported on an AveMaria campaign in April 2019 that used shipping lures and contained similar malicious DOC files.1<\/sup><\/p>\n

Cyber security company Yoroi first reported on AveMaria in early 2019.2<\/sup> It is a RAT with information-stealing abilities and has often been distributed via malicious email campaigns. The malware\u2019s other capabilities include communicating with a command and control (C&C) server, downloading and executing additional malware, bypassing Windows User Access Control (UAC), and others.<\/p>\n

In this campaign, threat actor(s) sent emails with the subject line SMS Logs-Nov 2020<\/em>. The body of the emails instructed the recipients to verify the payment that was sent.<\/p>\n

Infoblox\u2019s full report on this campaign will be available soon on our\u00a0Threat Intelligence Reports<\/a> page.<\/p>\n

Endnotes<\/strong><\/p>\n

    \n
  1. https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence–11<\/a><\/li>\n
  2. https:\/\/yoroi.company\/research\/the-ave_maria-malware\/<\/a><\/li>\n<\/ol>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    Author: Yadu Nadh TLP: WHITE Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document […]<\/p>\n","protected":false},"author":397,"featured_media":5679,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[378,294],"class_list":{"0":"post-5768","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-avemaria-rat","9":"tag-malspam","10":"entry"},"acf":[],"yoast_head":"\nAveMaria RAT Malspam Campaign<\/title>\n<meta name=\"description\" content=\"AveMaria RAT Malspam Campaign, Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AveMaria RAT Malspam Campaign\" \/>\n<meta property=\"og:description\" content=\"AveMaria RAT Malspam Campaign, Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-15T20:40:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:21:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png\" \/>\n\t<meta property=\"og:image:width\" content=\"457\" \/>\n\t<meta property=\"og:image:height\" content=\"316\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"AveMaria RAT Malspam Campaign\",\"datePublished\":\"2020-12-15T20:40:46+00:00\",\"dateModified\":\"2024-04-26T20:21:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/\"},\"wordCount\":193,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"keywords\":[\"AveMaria RAT\",\"Malspam\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/\",\"name\":\"AveMaria RAT Malspam Campaign\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"datePublished\":\"2020-12-15T20:40:46+00:00\",\"dateModified\":\"2024-04-26T20:21:03+00:00\",\"description\":\"AveMaria RAT Malspam Campaign, Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"width\":457,\"height\":316},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/avemaria-rat-malspam-campaign\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"AveMaria RAT Malspam Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"AveMaria RAT Malspam Campaign","description":"AveMaria RAT Malspam Campaign, Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/","og_locale":"en_US","og_type":"article","og_title":"AveMaria RAT Malspam Campaign","og_description":"AveMaria RAT Malspam Campaign, Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/","og_site_name":"Infoblox Blog","article_published_time":"2020-12-15T20:40:46+00:00","article_modified_time":"2024-04-26T20:21:03+00:00","og_image":[{"width":457,"height":316,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","type":"image\/png"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"AveMaria RAT Malspam Campaign","datePublished":"2020-12-15T20:40:46+00:00","dateModified":"2024-04-26T20:21:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/"},"wordCount":193,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","keywords":["AveMaria RAT","Malspam"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/","name":"AveMaria RAT Malspam Campaign","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","datePublished":"2020-12-15T20:40:46+00:00","dateModified":"2024-04-26T20:21:03+00:00","description":"AveMaria RAT Malspam Campaign, Between 2 and 7 December, Infoblox observed a malicious email campaign distributing the AveMaria remote access trojan (RAT). In this campaign, threat actor(s) used subjects referencing text message logs to lure users into opening a malicious Rich Text Format (RTF) file attachment that was disguised as a Microsoft Word document (DOC).","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","width":457,"height":316},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/avemaria-rat-malspam-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"AveMaria RAT Malspam Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5768"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5768\/revisions"}],"predecessor-version":[{"id":5769,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5768\/revisions\/5769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5679"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}