{"id":228654,"date":"2024-12-30T16:49:26","date_gmt":"2024-12-30T15:49:26","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=228654"},"modified":"2026-01-09T13:49:10","modified_gmt":"2026-01-09T13:49:10","slug":"cryptbot-hunting-for-initial-access-vector","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/cryptbot-hunting-for-initial-access-vector\/","title":{"rendered":"CryptBot: Hunting for initial access vector"},"content":{"rendered":"<h4>Key findings<\/h4>\n<ul>\n<li style=\"text-align: justify;\"><strong>CryptBot<\/strong> continues to be deployed mainly from websites offering <strong>fake cracked software<\/strong> and\u201c<strong>Pay-Per-Install<\/strong>\u201d&quot;solutions like <strong>PrivateLoader<\/strong> (also known as \u201c<strong>InstallsKey<\/strong>\u201d on Telegram) or the now defunct <strong>360Installer<\/strong>.<\/li>\n<\/ul>\n<ul>\n<li style=\"text-align: justify;\">By searching for the <strong>Matomo tracking script<\/strong> used by the threat actor to get web statistics measurement on its campaigns, we were able to retrieve <strong>every domain<\/strong> that hosted CryptBot throughout time and the ones currently hosting it. We also found that in some cases, those domains were redirecting to <strong>Lumma<\/strong> payloads loaded by <strong>HijackLoader<\/strong> depending on the URL the user was originating from.<\/li>\n<\/ul>\n<ul>\n<li style=\"text-align: justify;\">Through the analysis of the websites offering infected versions of cracked software, we were able to <strong>pivot<\/strong> on certain OPSEC errors made during their setup to find <strong>additional malicious websites<\/strong> with the same purpose of distributing CryptBot.<\/li>\n<\/ul>\n<ul>\n<li style=\"text-align: justify;\">Both CryptBot and PrivateLoader continue to use <strong>bulletproof<\/strong><strong> hosting solutions <\/strong>such as the infamous <em>\u201cAeza International Ltd\u201d <\/em>and\u201c<em>Karina Rashkovska<\/em>\u201d&quot; to host their phishing pages, command-and-control panels, and malware payloads overall. We notably highlight how \u201c<em>Psb Hosting Ltd<\/em>\u201d, a company based in the United Kingdom and run by a Russian individual, now possesses an IPv4 range previously owned by <em>Karina Rashkovska,<\/em> and how this company promotes its bulletproof hosting capacities on underground forums.<\/li>\n<li style=\"text-align: justify;\">Tea <strong>Amadey<\/strong> cluster hosted by the Seychellois autonomous system \u201c<em>1337TEAM LIMITED<\/em>\u201d that was first analyzed by <em>Team Cymru<\/em>\u2019&#039;s threat research team in September 2022, continues its activities with the latest version of the malware (version <strong>41<\/strong>), to push additional payloads including <strong>CryptBot<\/strong>, <strong>Lumma<\/strong>, <strong>Redline<\/strong> and <strong>Stealc<\/strong>.<\/li>\n<\/ul>\n<h4>Introduction<\/h4>\n<p style=\"text-align: justify;\">First discovered in 2019, <strong>CryptBot<\/strong> is a 32-bit infostealer designed to exfiltrate various sensitive information from an infected system and eventually later sell them to other threat actors as initial access vectors for more complex data breach campaigns. Its main spreading technique is based on the distribution of infected cracked versions of commonly used software. In a lesser volume, CryptBot also relies on other threat actors to expend its botnet of infected machines like for example the \u201c<strong>Pay-Per-Install<\/strong>\u201dservice named\u201c<strong>InstallKeys<\/strong>\u201d still active on Telegram, that offers access to the machines it infects through its personal malware named <strong>PrivateLoader<\/strong>. In addition to this service, Mandiant discovered in August 2024 that \u201c<strong>PeakLight<\/strong>\u201d, a memory-only dropper spreading through fake video files, was used to deploy CryptBot along other malware such as LummaC2 and ShadowLadder.<\/p>\n<p style=\"text-align: justify;\">Regarding other deployments of the malware, Mandiant assessed with moderate confidence in 2021 that the <strong>state-sponsored Russian intrusion set<\/strong> <strong>APT29<\/strong> used logs stolen by CryptBot operators to gain a foothold in the system of a targeted entity. As CryptBot is designed to steal the user content of some internet browsers including <strong>Google Chrome<\/strong>, <em>Google<\/em> decided to file a complaint against fifteen Pakistani individuals believed to be running the malware&#039;s \u201c<em>criminal enterprise<\/em>\u201d&quot;. Additionally, other software owned by Google such as Google Earth Pro were part of the long list of programs infected with CryptBot and advertised on these fake websites. In the complaint file provided by the Southern District court of New York, Google also mentions that infected cracked software distribution alone had led to approximately <strong>672,220<\/strong> <strong>CryptBot infections<\/strong> between 2022 and 2023. This information was corroborated by <em>Prodaft<\/em> in a tweet from August 2023, in which they mentioned that more than <strong>17 million unique devices worldwide<\/strong> had been infected by the malware in the last 5 years. Following this complaint, the court decided to grant Google the right to take down current and future domains tied to the distribution of CryptBot. Google stated that decision would \u201c<em>slow new infections from occurring and decelerate the growth of CryptBot<\/em>\u201d.<\/p>\n<p style=\"text-align: justify;\">The numbers indeed crashed to <strong>40,581 infections in 2023<\/strong> according to <em>Prodaft<\/em>. However, despite those actions, Intrinsec CTI team observed new domains registered in <strong>September 2024<\/strong> used as CryptBot C2s, or to host and deploy its payloads along additional malwares such as <strong>Lumma<\/strong>. With this report, we aim to notably present the current infrastructure leveraged by threat actors to maintain the malware, as well as the methods of distribution it presently uses to maximize the growth of its botnet<\/p>\n<h4>Intrinsec&#039;s CTI services<\/h4>\n<p style=\"text-align: justify;\">Organizations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach in the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to the compromises they face.<\/p>\n<p style=\"text-align: justify;\">For this report, shared with our clients in July 2023, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data &amp; information gathered from our security monitoring services (SOC, MDR, etc.), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering &amp; pivots.<\/p>\n<p style=\"text-align: justify;\">Intrinsec also offers various services around Cyber Threat Intelligence:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Risk anticipation: which can be leveraged to continuously adapt the detection &amp; response capabilities of our clients&#039; existing tools (EDR, XDR, SIEM, \u2026) through:\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><strong>an operational feed of IOCs based on our exclusive activities.<\/strong><\/li>\n<li><strong>threat intel notes &amp; reports, TIP-compliant.<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Digital risk monitoring:\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><strong>data leak detection &amp; remediation<\/strong><\/li>\n<li><strong>external asset security monitoring (EASM)<\/strong><\/li>\n<li><strong>brand protection<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">For more information, go to <a href=\"http:\/\/www.intrinsec.com\/en\/cyber-threat-intelligence\/\">htbqccsz.elementor.cloud\/en\/cyber-threat-intelligence\/<\/a>.<\/p>\n<p style=\"text-align: justify;\">Follow us on <a href=\"https:\/\/www.linkedin.com\/company\/intrinsec\/\">LinkedIn<\/a> and <a href=\"https:\/\/twitter.com\/Intrinsec\">X<\/a><\/p>\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Key findings CryptBot continues to be deployed mainly from websites offering fake cracked software and [\u2026]<\/p>","protected":false},"author":42,"featured_media":229526,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,11],"tags":[],"class_list":["post-228654","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threat-intelligence","category-threat-intelligence-report"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>CryptBot: Hunting for initial access vector - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/cryptbot-hunting-for-initial-access-vector\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CryptBot: Hunting for initial access vector\" \/>\n<meta property=\"og:description\" content=\"Key findings CryptBot continues to be deployed mainly from websites offering fake cracked software and [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/cryptbot-hunting-for-initial-access-vector\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-30T15:49:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-09T13:49:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2024\/12\/Template-banner-webesite-9.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Sardinha\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Sardinha\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/\"},\"author\":{\"name\":\"David Sardinha\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/eef66c6c32d58bdf5504aa413ee51657\"},\"headline\":\"CryptBot: Hunting for initial access vector\",\"datePublished\":\"2024-12-30T15:49:26+00:00\",\"dateModified\":\"2026-01-09T13:49:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/\"},\"wordCount\":876,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/Template-banner-webesite-9.png\",\"articleSection\":[\"Cyber Threat Intelligence\",\"Threat Intelligence Report\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/\",\"name\":\"CryptBot: Hunting for initial access vector - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/Template-banner-webesite-9.png\",\"datePublished\":\"2024-12-30T15:49:26+00:00\",\"dateModified\":\"2026-01-09T13:49:10+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/eef66c6c32d58bdf5504aa413ee51657\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/Template-banner-webesite-9.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/Template-banner-webesite-9.png\",\"width\":1200,\"height\":600,\"caption\":\"CryptBot\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/cryptbot-hunting-for-initial-access-vector\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CryptBot: Hunting for initial access vector\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/eef66c6c32d58bdf5504aa413ee51657\",\"name\":\"David Sardinha\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a806293ca946422859e96a7bb19eac8e5bf3e1625b9a15074f8ddb04542ea818?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a806293ca946422859e96a7bb19eac8e5bf3e1625b9a15074f8ddb04542ea818?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a806293ca946422859e96a7bb19eac8e5bf3e1625b9a15074f8ddb04542ea818?s=96&d=retro&r=g\",\"caption\":\"David Sardinha\"},\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/david-sardinha\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CryptBot: Hunting for initial access vector - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/cryptbot-hunting-for-initial-access-vector\/","og_locale":"en_US","og_type":"article","og_title":"CryptBot: Hunting for initial access vector","og_description":"Key findings CryptBot continues to be deployed mainly from websites offering fake cracked software and [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/cryptbot-hunting-for-initial-access-vector\/","og_site_name":"INTRINSEC","article_published_time":"2024-12-30T15:49:26+00:00","article_modified_time":"2026-01-09T13:49:10+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2024\/12\/Template-banner-webesite-9.png","type":"image\/png"}],"author":"David Sardinha","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Sardinha","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/"},"author":{"name":"David Sardinha","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/eef66c6c32d58bdf5504aa413ee51657"},"headline":"CryptBot: Hunting for initial access vector","datePublished":"2024-12-30T15:49:26+00:00","dateModified":"2026-01-09T13:49:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/"},"wordCount":876,"image":{"@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2024\/12\/Template-banner-webesite-9.png","articleSection":["Cyber Threat Intelligence","Threat Intelligence Report"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/","url":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/","name":"CryptBot: Hunting for initial access vector - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2024\/12\/Template-banner-webesite-9.png","datePublished":"2024-12-30T15:49:26+00:00","dateModified":"2026-01-09T13:49:10+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/eef66c6c32d58bdf5504aa413ee51657"},"breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#primaryimage","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2024\/12\/Template-banner-webesite-9.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2024\/12\/Template-banner-webesite-9.png","width":1200,"height":600,"caption":"CryptBot"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/cryptbot-hunting-for-initial-access-vector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"CryptBot: Hunting for initial access vector"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/eef66c6c32d58bdf5504aa413ee51657","name":"David Sardinha","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a806293ca946422859e96a7bb19eac8e5bf3e1625b9a15074f8ddb04542ea818?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a806293ca946422859e96a7bb19eac8e5bf3e1625b9a15074f8ddb04542ea818?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a806293ca946422859e96a7bb19eac8e5bf3e1625b9a15074f8ddb04542ea818?s=96&d=retro&r=g","caption":"David Sardinha"},"url":"https:\/\/www.intrinsec.com\/en\/author\/david-sardinha\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=228654"}],"version-history":[{"count":2,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228654\/revisions"}],"predecessor-version":[{"id":229525,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228654\/revisions\/229525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media\/229526"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=228654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=228654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=228654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}