{"id":21794,"date":"2025-02-07T20:03:46","date_gmt":"2025-02-07T23:03:46","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=21794"},"modified":"2025-02-17T12:11:15","modified_gmt":"2025-02-17T15:11:15","slug":"sites-falsos-do-google-chrome-distribuem-malware-valleyrat","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/02\/exploits\/sites-falsos-do-google-chrome-distribuem-malware-valleyrat\/","title":{"rendered":"Sites falsos do Google Chrome distribuem malware ValleyRAT"},"content":{"rendered":"\n<p class=\"story-title\"><strong>Sites falsos do Google Chrome distribuem malware ValleyRAT por meio de sequestro de DLL<\/strong><\/p>\n<p style=\"text-align: justify;\">Recentemente, sites falsos que se passam por p\u00e1ginas de download do Google Chrome t\u00eam sido usados para distribuir instaladores maliciosos de um\u00a0<strong>RAT (Remote Access Trojan)<\/strong>\u00a0chamado\u00a0<strong>ValleyRAT<\/strong>. Esse malware, detectado pela primeira vez em 2023, \u00e9 atribu\u00eddo a um grupo de amea\u00e7as conhecido como\u00a0<strong>Silver Fox<\/strong>, que tem como alvo principal regi\u00f5es de l\u00edngua chinesa, como Hong Kong, Taiwan e a China continental. O ValleyRAT \u00e9 capaz de monitorar o conte\u00fado da tela, registrar pressionamentos de teclas e estabelecer persist\u00eancia no sistema infectado.<\/p>\n<p style=\"text-align: justify;\">Neste artigo, vamos explorar como o ValleyRAT \u00e9 distribu\u00eddo, como ele funciona e, principalmente, como voc\u00ea pode usar\u00a0scripts em Python\u00a0para mitigar esse tipo de amea\u00e7a. Vamos fornecer exemplos pr\u00e1ticos de como detectar e bloquear atividades suspeitas relacionadas a\u00a0<strong>DLL hijacking<\/strong>\u00a0e outros comportamentos maliciosos.<\/p>\n<p>\u00a0<\/p>\n<p><strong>Como o ValleyRAT \u00e9 distribu\u00eddo?<\/strong><\/p>\n<p style=\"text-align: justify;\">O ValleyRAT \u00e9 distribu\u00eddo por meio de sites falsos que se passam por p\u00e1ginas de download do Google Chrome. O processo de infec\u00e7\u00e3o envolve as seguintes etapas:<\/p>\n<ul>\n<li>\n<p><strong>Engenharia Social<\/strong>: Os usu\u00e1rios s\u00e3o enganados para acessar um site falso e baixar um arquivo ZIP contendo um instalador malicioso (&#8220;Setup.exe&#8221;).<\/p>\n<\/li>\n<li>\n<p><strong>Execu\u00e7\u00e3o do Instalador<\/strong>: O instalador verifica se tem privil\u00e9gios de administrador e, em seguida, baixa quatro cargas \u00fateis adicionais.<\/p>\n<\/li>\n<li>\n<p><strong>DLL Hijacking<\/strong>: Uma DLL maliciosa (&#8220;tier0.dll&#8221;) \u00e9 carregada por meio de um execut\u00e1vel leg\u00edtimo (&#8220;Douyin.exe&#8221;, a vers\u00e3o chinesa do TikTok).<\/p>\n<\/li>\n<li>\n<p><strong>Execu\u00e7\u00e3o do ValleyRAT<\/strong>: A DLL maliciosa inicia o ValleyRAT, que se comunica com um servidor remoto para receber comandos adicionais.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Comportamento do ValleyRAT<\/strong><\/p>\n<p>O ValleyRAT \u00e9 escrito em C++ e possui as seguintes capacidades:<\/p>\n<ul>\n<li>\n<p><strong>Monitoramento de tela<\/strong>: Captura o conte\u00fado da tela do usu\u00e1rio.<\/p>\n<\/li>\n<li>\n<p><strong>Keylogging<\/strong>: Registra pressionamentos de teclas.<\/p>\n<\/li>\n<li>\n<p><strong>Persist\u00eancia<\/strong>: Garante que o malware permane\u00e7a ativo ap\u00f3s reinicializa\u00e7\u00f5es.<\/p>\n<\/li>\n<li>\n<p><strong>Comunica\u00e7\u00e3o Remota<\/strong>: Conecta-se a um servidor C2 (Command and Control) para receber instru\u00e7\u00f5es.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj06kelZnpiQ4AUhe0VKOb-kFGUbP9l5nIDUEU-zxnay91c_Npz7QhFzvxjW5dcqx-LeaZJBZsbcldyBnwRCGEgtbWeY8qcSTM-kozcoTDbYyzngCtHTuUJNAQy0i9YLE0BdMkKN8opw7m8-Ih7_IOEWGFxcO1GOX3Kh4yvB5o0Z1bC1BCup_hQ7JFKFgxX\/s728-rw-e365\/hacking.png\" alt=\"Sites falsos do Google Chrome\" width=\"609\" height=\"318\" \/><\/p>\n<p>\u00a0<\/p>\n<p><strong>Mitiga\u00e7\u00e3o com Python<\/strong><\/p>\n<p style=\"text-align: justify;\">Abaixo, vamos criar scripts em Python para detectar e mitigar atividades suspeitas relacionadas ao ValleyRAT, como\u00a0DLL hijacking\u00a0e\u00a0comunica\u00e7\u00e3o com servidores remotos.<\/p>\n<p>\u00a0<\/p>\n<p><strong>1.\u00a0Detec\u00e7\u00e3o de DLL Hijacking<\/strong><\/p>\n<p>O ValleyRAT usa DLL hijacking para carregar uma DLL maliciosa. Podemos criar um script para monitorar a carga de DLLs em processos suspeitos.<\/p>\n<p><strong>Script de Monitoramento de DLLs<\/strong><\/p>\n<div class=\"md-code-block\">\n<pre><strong><span class=\"token keyword\">import<\/span> os\n<span class=\"token keyword\">import<\/span> psutil\n\n<span class=\"token comment\"># Lista de DLLs leg\u00edtimas associadas a processos conhecidos<\/span>\ndlls_legitimas <span class=\"token operator\">=<\/span> <span class=\"token punctuation\">{<\/span>\n    <span class=\"token string\">\"chrome.exe\"<\/span><span class=\"token punctuation\">:<\/span> <span class=\"token punctuation\">[<\/span><span class=\"token string\">\"chrome_elf.dll\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">\"v8.dll\"<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">,<\/span>\n    <span class=\"token string\">\"douyin.exe\"<\/span><span class=\"token punctuation\">:<\/span> <span class=\"token punctuation\">[<\/span><span class=\"token string\">\"tier0.dll\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">\"sscronet.dll\"<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">,<\/span>  <span class=\"token comment\"># Exemplo de DLLs leg\u00edtimas<\/span>\n<span class=\"token punctuation\">}<\/span>\n\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">monitorar_dlls<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">for<\/span> processo <span class=\"token keyword\">in<\/span> psutil<span class=\"token punctuation\">.<\/span>process_iter<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">[<\/span><span class=\"token string\">'pid'<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">'name'<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">try<\/span><span class=\"token punctuation\">:<\/span>\n            nome_processo <span class=\"token operator\">=<\/span> processo<span class=\"token punctuation\">.<\/span>info<span class=\"token punctuation\">[<\/span><span class=\"token string\">'name'<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">.<\/span>lower<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n            <span class=\"token keyword\">if<\/span> nome_processo <span class=\"token keyword\">in<\/span> dlls_legitimas<span class=\"token punctuation\">:<\/span>\n                dlls_carregadas <span class=\"token operator\">=<\/span> processo<span class=\"token punctuation\">.<\/span>memory_maps<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n                <span class=\"token keyword\">for<\/span> dll <span class=\"token keyword\">in<\/span> dlls_carregadas<span class=\"token punctuation\">:<\/span>\n                    <span class=\"token keyword\">if<\/span> dll<span class=\"token punctuation\">.<\/span>path<span class=\"token punctuation\">.<\/span>lower<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">not<\/span> <span class=\"token keyword\">in<\/span> dlls_legitimas<span class=\"token punctuation\">[<\/span>nome_processo<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">:<\/span>\n                        <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"[ALERTA] DLL suspeita carregada por <br \/><\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>nome_processo<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">: <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>dll<span class=\"token punctuation\">.<\/span>path<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n        <span class=\"token keyword\">except<\/span> <span class=\"token punctuation\">(<\/span>psutil<span class=\"token punctuation\">.<\/span>NoSuchProcess<span class=\"token punctuation\">,<\/span> psutil<span class=\"token punctuation\">.<\/span>AccessDenied<span class=\"token punctuation\">,<\/span> psutil<span class=\"token punctuation\">.<\/span>ZombieProcess<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n            <span class=\"token keyword\">continue<\/span>\n\n<span class=\"token keyword\">if<\/span> __name__ <span class=\"token operator\">==<\/span> <span class=\"token string\">\"__main__\"<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"[*] Iniciando monitoramento de DLLs...\"<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token keyword\">while<\/span> <span class=\"token boolean\">True<\/span><span class=\"token punctuation\">:<\/span>\n        monitorar_dlls<span class=\"token punctuation\">(<\/span><\/strong><span class=\"token punctuation\"><strong>)<br \/><br \/><br \/><\/strong><\/span><\/pre>\n<p><strong>Como funciona?<\/strong><\/p>\n<ul>\n<li>\n<p>O script monitora os processos em execu\u00e7\u00e3o e verifica se DLLs suspeitas est\u00e3o sendo carregadas.<\/p>\n<\/li>\n<li>\n<p>Se uma DLL n\u00e3o estiver na lista de DLLs leg\u00edtimas para um processo espec\u00edfico, um alerta \u00e9 gerado.<\/p>\n<\/li>\n<\/ul>\n<\/div>\n<p>\u00a0<\/p>\n<p><strong>2.\u00a0Bloqueio de comunica\u00e7\u00e3o com servidores remotos<\/strong><\/p>\n<p>O ValleyRAT se comunica com um servidor remoto para receber comandos. Podemos criar um script para bloquear conex\u00f5es suspeitas.<\/p>\n<p><strong>Script de bloqueio de conex\u00f5es<\/strong><\/p>\n<pre><strong><span class=\"token keyword\">import<\/span> psutil\n<span class=\"token keyword\">import<\/span> socket\n\n<span class=\"token comment\"># Lista de IPs suspeitos (exemplo)<\/span>\nips_suspeitos <span class=\"token operator\">=<\/span> <span class=\"token punctuation\">[<\/span><span class=\"token string\">\"192.168.1.100\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">\"10.0.0.1\"<\/span><span class=\"token punctuation\">]<\/span>\n\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">bloquear_conexoes_suspeitas<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">for<\/span> conexao <span class=\"token keyword\">in<\/span> psutil<span class=\"token punctuation\">.<\/span>net_connections<span class=\"token punctuation\">(<\/span>kind<span class=\"token operator\">=<\/span><span class=\"token string\">'inet'<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">if<\/span> conexao<span class=\"token punctuation\">.<\/span>status <span class=\"token operator\">==<\/span> <span class=\"token string\">'ESTABLISHED'<\/span><span class=\"token punctuation\">:<\/span>\n            ip_remoto <span class=\"token operator\">=<\/span> conexao<span class=\"token punctuation\">.<\/span>raddr<span class=\"token punctuation\">.<\/span>ip\n            <span class=\"token keyword\">if<\/span> ip_remoto <span class=\"token keyword\">in<\/span> ips_suspeitos<span class=\"token punctuation\">:<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"[ALERTA] Conex\u00e3o suspeita detectada com <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>ip_remoto<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n                <span class=\"token comment\"># Bloqueia a conex\u00e3o (exemplo usando iptables no Linux)<\/span>\n                os<span class=\"token punctuation\">.<\/span>system<span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"iptables -A INPUT -s <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>ip_remoto<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\"> -j DROP\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"[INFO] Conex\u00e3o com <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>ip_remoto<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\"> bloqueada.\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n\n<span class=\"token keyword\">if<\/span> __name__ <span class=\"token operator\">==<\/span> <span class=\"token string\">\"__main__\"<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"[*] Iniciando monitoramento de conex\u00f5es...\"<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token keyword\">while<\/span> <span class=\"token boolean\">True<\/span><span class=\"token punctuation\">:<\/span>\n        bloquear_conexoes_suspeitas<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<br \/><br \/><br \/><\/span><\/strong><\/pre>\n<p><strong>Como funciona?<\/strong><\/p>\n<ul>\n<li>\n<p>O script monitora conex\u00f5es de rede ativas.<\/p>\n<\/li>\n<li>\n<p>Se uma conex\u00e3o for detectada com um IP suspeito, ele bloqueia a conex\u00e3o usando\u00a0<code>iptables<\/code>\u00a0(no Linux).<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>3.\u00a0<strong>Detec\u00e7\u00e3o de keyloggers<\/strong><\/p>\n<p style=\"text-align: justify;\">O ValleyRAT inclui funcionalidades de keylogging. Podemos criar um script para detectar processos suspeitos que acessam o teclado.<\/p>\n<p><strong>Script de detec\u00e7\u00e3o de keyloggers<\/strong><\/p>\n<pre><strong><span class=\"token keyword\">import<\/span> psutil\n\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">detectar_keyloggers<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">for<\/span> processo <span class=\"token keyword\">in<\/span> psutil<span class=\"token punctuation\">.<\/span>process_iter<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">[<\/span><span class=\"token string\">'pid'<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">'name'<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">try<\/span><span class=\"token punctuation\">:<\/span>\n            nome_processo <span class=\"token operator\">=<\/span> processo<span class=\"token punctuation\">.<\/span>info<span class=\"token punctuation\">[<\/span><span class=\"token string\">'name'<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">.<\/span>lower<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n            <span class=\"token keyword\">if<\/span> <span class=\"token string\">\"keylogger\"<\/span> <span class=\"token keyword\">in<\/span> nome_processo <span class=\"token keyword\">or<\/span> <span class=\"token string\">\"rat\"<\/span> <span class=\"token keyword\">in<\/span> nome_processo<span class=\"token punctuation\">:<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"[ALERTA] Processo suspeito detectado: <br \/><\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>nome_processo<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\"> (PID: <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>processo<span class=\"token punctuation\">.<\/span>info<span class=\"token punctuation\">[<\/span><span class=\"token string\">'pid'<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">)\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n        <span class=\"token keyword\">except<\/span> <span class=\"token punctuation\">(<\/span>psutil<span class=\"token punctuation\">.<\/span>NoSuchProcess<span class=\"token punctuation\">,<\/span> psutil<span class=\"token punctuation\">.<\/span>AccessDenied<span class=\"token punctuation\">,<\/span> psutil<span class=\"token punctuation\">.<\/span>ZombieProcess<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n            <span class=\"token keyword\">continue<\/span>\n\n<span class=\"token keyword\">if<\/span> __name__ <span class=\"token operator\">==<\/span> <span class=\"token string\">\"__main__\"<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"[*] Iniciando detec\u00e7\u00e3o de keyloggers...\"<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token keyword\">while<\/span> <span class=\"token boolean\">True<\/span><span class=\"token punctuation\">:<\/span>\n        detectar_keyloggers<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<br \/><br \/><br \/><\/span><\/strong><\/pre>\n<p><strong>Como Funciona?<\/strong><\/p>\n<ul>\n<li>\n<p>O script verifica se h\u00e1 processos com nomes suspeitos, como &#8220;keylogger&#8221; ou &#8220;rat&#8221;.<\/p>\n<\/li>\n<li>\n<p>Se um processo suspeito for detectado, um alerta \u00e9 gerado.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Conclus\u00e3o<\/strong><\/p>\n<p style=\"text-align: justify;\">O ValleyRAT \u00e9 uma amea\u00e7a sofisticada que usa t\u00e9cnicas como\u00a0DLL hijacking\u00a0e\u00a0comunica\u00e7\u00e3o remota\u00a0para comprometer sistemas. No entanto, com scripts de monitoramento e mitiga\u00e7\u00e3o em Python, \u00e9 poss\u00edvel detectar e bloquear atividades suspeitas antes que causem danos.<\/p>\n<p style=\"text-align: justify;\">Lembre-se de que a seguran\u00e7a cibern\u00e9tica \u00e9 um processo cont\u00ednuo. Mantenha seus sistemas atualizados, eduque os usu\u00e1rios sobre os riscos de engenharia social e use ferramentas de detec\u00e7\u00e3o e resposta para proteger sua infraestrutura.<\/p>\n<p>\u00a0<\/p>\n<p>Fonte e imagens: <a href=\"https:\/\/thehackernews.com\/2025\/02\/fake-google-chrome-sites-distribute.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2025\/02\/fake-google-chrome-sites-distribute.html<\/a><\/p>\n<pre><strong><span class=\"token punctuation\">\u00a0<\/span><\/strong><\/pre>\n<pre><strong><span class=\"token punctuation\">\u00a0<\/span><\/strong><\/pre>\n<p>\u00a0<\/p>\n<div class=\"md-code-block\">\n<pre><span class=\"token punctuation\"><br \/><br \/><br \/><\/span><\/pre>\n<\/div>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Sites falsos do Google Chrome distribuem malware ValleyRAT por meio de sequestro de DLL Recentemente, sites falsos que se passam por p\u00e1ginas de download do Google Chrome t\u00eam sido usados para distribuir instaladores maliciosos de um\u00a0RAT (Remote Access Trojan)\u00a0chamado\u00a0ValleyRAT. Esse malware, detectado pela primeira vez em 2023, \u00e9 atribu\u00eddo a um grupo de amea\u00e7as conhecido [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":21800,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-21794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=21794"}],"version-history":[{"count":5,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21794\/revisions"}],"predecessor-version":[{"id":21799,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21794\/revisions\/21799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/21800"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=21794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=21794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=21794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}