{"id":20426,"date":"2024-09-16T15:07:33","date_gmt":"2024-09-16T08:07:33","guid":{"rendered":"https:\/\/thegioifirewall.com\/?p=20373"},"modified":"2025-03-24T07:27:22","modified_gmt":"2025-03-24T07:27:22","slug":"emansrepo-stealer-chuoi-tan-cong-da-vecto","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/emansrepo-stealer-chuoi-tan-cong-da-vecto\/","title":{"rendered":"EMANSREPO STEALER: MULTI-VECTOR ATTACK CHAIN"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto.png\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Affected platforms:<\/strong>&nbsp;Microsoft Windows<br><strong>Affected users:<\/strong>&nbsp;Microsoft Windows<br><strong>Impact:<\/strong>&nbsp;The stolen information can be used for future attacks<br><strong>Severity level:<\/strong>&nbsp;High<\/p>\n\n\n\n<p>In August 2024, FortiGuard Labs discovered a Python infostealer, which we call Emansrepo, distributed through emails containing fake purchase orders and invoices. Emansrepo compresses data from the victim's browsers and files in specific paths into a zip file and sends it to the attacker's email. 
According to our research, this campaign has been ongoing since November 2023.<\/p>\n\n\n\n<p>The attacker sent a phishing email containing an HTML file, which redirected to the Emansrepo download link. This variant is packaged by PyInstaller so that it can run on a computer without Python.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-1.png\" alt=\"Figure 1: Attack flow in November 2023\"\/><\/figure>\n\n\n\n<p>Figure 1: Attack flow in November 2023<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-2.png\" alt=\"Figure 2: The Emansrepo download link embedded in RTGS Invoices.html.\"\/><\/figure>\n\n\n\n<p>Figure 2: The Emansrepo download link embedded in RTGS Invoices.html.<\/p>\n\n\n\n<p>Over time, the attack flow has become increasingly complex. 
Below are the attack flows we found in July and August 2024:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-3.png\" alt=\"Figure 3: Attack flows in August and July 2024\"\/><\/figure>\n\n\n\n<p>Figure 3: Attack flows in August and July 2024<\/p>\n\n\n\n<p>Various stages are being added to the attack flow before Emansrepo is downloaded, and multiple mailboxes are used to receive different kinds of stolen data. This article provides a detailed analysis of each attack chain and its behavior. We then provide a quick summary of the next campaign.<\/p>\n\n\n\n<p><strong>Attack flow<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chain 1<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-4.png\" alt=\"Figure 4: The phishing mail in chain 1 contains a fake download page\"\/><\/figure>\n\n\n\n<p>Figure 4: The phishing mail in chain 1 contains a fake download page<\/p>\n\n\n\n<p>The attachment is a dropper that mimics a download page. 
It creates a link element that points to the data of Purchase-Order.7z and uses the click() method to \u201cdownload\u201d Purchase-Order.7z. Six seconds later, it redirects to a completely unrelated website.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-5.png\" alt=\"Figure 5: Source code of the attachment\"\/><\/figure>\n\n\n\n<p>Figure 5: Source code of the attachment<\/p>\n\n\n\n<p>Purchase-Order.exe, the file embedded in Purchase-Order.7z, is an AutoIt-compiled executable. It does not include any files, and the AutoIt script determines its behavior. The script has many unused functions, which hinders analysis. The only meaningful code downloads preoffice.zip to the Temp folder and unzips it into %TEMP%\\PythonTemp. 
The zip file contains the necessary Python modules and tester.py, the malicious script used for information stealing.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-6.png\" alt=\"Figure 6: The AutoIt script downloads the Python infostealer\"\/><\/figure>\n\n\n\n<p>Figure 6: The AutoIt script downloads the Python infostealer<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chain 2<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-7.png\" alt=\"Figure 7: The phishing mail in chain 2\"\/><\/figure>\n\n\n\n<p>Figure 7: The phishing mail in chain 2<\/p>\n\n\n\n<p>The innermost file in PO7z is an HTA file. Its source is a JavaScript file that shows a hidden window named PowerShell Script Runner and downloads the PowerShell script, script.ps1, with VBScript for the next stage.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-8.png\" alt=\"Figure 8: The decryption algorithm of the JavaScript file and the result\"\/><\/figure>\n\n\n\n<p>Figure 8: The decryption algorithm of the JavaScript file and the result<\/p>\n\n\n\n<p>The behavior of script.ps1 is similar to that of the AutoIt script in chain 1. 
It downloads preoffice.zip to the Temp folder and unzips it into %TEMP%\\PythonTemp, but it executes Emansrepo using run.bat.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-9.png\" alt=\"Figure 9: script.ps1 executes run.bat to run the infostealer\"\/><\/figure>\n\n\n\n<p>Figure 9: script.ps1 executes run.bat to run the infostealer<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chain 3<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-10.png\" alt=\"Figure 10: The phishing mail in chain 3\"\/><\/figure>\n\n\n\n<p>Figure 10: The phishing mail in chain 3<\/p>\n\n\n\n<p>The 7z file from the link in the phishing email contains a batch file obfuscated by BatchShield.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-11.png\" alt=\"Figure 11: The obfuscated batch file\"\/><\/figure>\n\n\n\n<p>Figure 11: The obfuscated batch file<\/p>\n\n\n\n<p>After deobfuscation, we can see that it is not as complicated as it first appears. 
It simply downloads and executes script.ps1 using PowerShell.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-12.png\" alt=\"Figure 12: The deobfuscated batch file\"\/><\/figure>\n\n\n\n<p>Figure 12: The deobfuscated batch file<\/p>\n\n\n\n<p><strong>Python Infostealer<\/strong><\/p>\n\n\n\n<p>According to the email addresses that receive the data, the infostealer's behavior can be divided into three parts. It creates folders to temporarily store the stolen data for each part and deletes them after sending the data to the attacker. 
The stolen data is attached to the email sent to the attacker.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Part 1 \u2013 User information and text files<\/li>\n<\/ul>\n\n\n\n<p>In part 1, the Python infostealer collects login data, credit card information, web history, download history, autofill data, and text files (smaller than 0.2 MB) from the Desktop, Document, and Downloads folders.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>Sender<\/td><td>minesmtp8714@maternamedical[.]top<\/td><\/tr><tr><td>Receiver<\/td><td>minestealer8412@maternamedical[.]top<\/td><\/tr><tr><td>Target<\/td><td><strong>Browsers:<\/strong> amigo, torch, kometa, orbitum, cent-browser, 7star, sputnik, vivaldi, google-chrome-sxs, google-chrome, epic-privacy-browser, microsoft-edge, uran, yandex, brave, iridium<\/td><\/tr><tr><td>Folders and files<\/td><td><strong>%TEMP%\\Browsers:<\/strong> Text files (smaller than 0.2 MB) copied from Desktop, Document, Downloads<br><strong>%TEMP%\\Browsers\\{browser name}:<\/strong> Saved_Passwords.txt, Saved_Credit_Cards.txt, Browser_History.txt, Download_History.txt, Autofill_Data.txt<\/td><\/tr><tr><td>Attachment<\/td><td>Zip file of the&nbsp;<strong>%TEMP%\\Browsers<\/strong>&nbsp;folder<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Part 1 contains the original features of Emansrepo, since only the code for part 1 is present in the November 2023 variant (e346f6b36569d7b8c52a55403a6b78ae0ed15c0aaae4011490404bdb04ff28e5). Note that&nbsp;<em>emans841 report<\/em>&nbsp;has been used as the divider in Saved_Passwords.txt since the December 2023 variant (ae2a5a02d0ef173b1d38a26c5a88b796f4ee2e8f36ee00931c468cd496fb2b5a). For this reason, we call it Emansrepo.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-13.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Figure 13: The content of Saved_Passwords.txt<\/p>\n\n\n\n<p>The version used in November 2023 uses&nbsp;<em>Prysmax Premium<\/em>&nbsp;as the divider.<\/p>\n\n\n\n<p>Comparing the November 2023 version with the first version of Prysmax stealer shared on GitHub, we found that they have many similar functions, although Emansrepo stealer has fewer features. However, once parts 2 and 3 were added to Emansrepo, it became quite different from Prysmax stealer.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-14.png\" alt=\"Figure 14: Left: The November 2023 variant. 
Right: The first version of Prysmax Stealer on GitHub\"\/><\/figure>\n\n\n\n<p>Figure 14: Left: The November 2023 variant. Right: The first version of Prysmax Stealer on GitHub<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Part 2 \u2013 PDF files, extensions, crypto wallets, and game platforms<\/li>\n<\/ul>\n\n\n\n<p>Part 2 copies PDF files (smaller than 0.1 MB) from the Desktop, Document, Downloads, and Recents folders and compresses the folders of browser extensions, crypto wallets, and game platforms into zip files.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>Sender<\/td><td>extensionsmtp@maternamedical[.]top<\/td><\/tr><tr><td>Receiver<\/td><td>filelogs@maternamedical[.]top<\/td><\/tr><tr><td>Target<\/td><td><strong>Browsers:<\/strong> Opera, Chrome, Brave, Vivaldi, Yandex, Edge<br><strong>Crypto wallets:<\/strong> Atomic Wallet, Guarda, Zcash, Armory, Bytecoin, Exodus, Binance, Electrum, Coinomi, jaxx<br><strong>Game platforms:<\/strong> Steam, Riot Games<br><strong>Browser extensions:<\/strong> MetaMask, BNB Chain Wallet, Coinbase Wallet, Ronin Wallet, Trust Wallet, Venom Wallet, Sui Wallet, Martian Aptos &amp; Sui Wallet, TronLink, Petra Aptos Wallet, Pontem Crypto Wallet, Fewcha Move Wallet, Math Wallet, Coin98 Wallet, Authenticator, Exodus Web3 Wallet, Phantom, Core | Crypto &amp; NFT Wallet, TokenPocket &#8211; Web3 &amp; Nostr Wallet, SafePal Extension Wallet, Solflare Wallet, Kaikas, iWallet, Yoroi, Guarda, Jaxx Liberty, Wombat, Oxygen &#8211; Atomic Crypto Wallet, MEW CX, GuildWallet, Saturn Wallet, Station Wallet, Harmony, EVER Wallet, KardiaChain Wallet, Pali Wallet, BOLT X, Liquality Wallet, XDEFI Wallet, Nami, MultiversX Wallet, Temple &#8211; Tezos Wallet, XMR.PT<\/td><\/tr><tr><td>Folders and files in the temp folder<\/td><td><strong>%TEMP%\\pdf_temps:<\/strong> PDF files (smaller than 0.1 MB) copied from the Desktop, Document, Downloads, and Recents folders<br>{extension ID}.zip<br>{data folder}.zip<\/td><\/tr><tr><td>Attachment<\/td><td>All files in pdf_temp<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Part 3 \u2013 Cookies<\/li>\n<\/ul>\n\n\n\n<p>Part 3 copies cookie files and compresses them into {process_name}_cookies.zip.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>Sender<\/td><td>cookiesmtp@maternamedical[.]top<\/td><\/tr><tr><td>Receiver<\/td><td>cooklielogs@maternamedical[.]top<\/td><\/tr><tr><td>Target<\/td><td><strong>Browsers:<\/strong> Chrome, msedge, brave, opera, 360se, 360browser, yandex, UCBrowser, QQBrowser<\/td><\/tr><tr><td>Folders and files in the temp folder<\/td><td><strong>%TEMP%\\cookies_data:<\/strong> {process_name}_cookies.zip<\/td><\/tr><tr><td>Zip file<\/td><td>Zip files in cookies_data<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>New campaign<\/strong><\/p>\n\n\n\n<p>We recently discovered another attack campaign using the Remcos malware, which we believe is related to the same attacker because of the phishing emails that were sent.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-15.png\" alt=\"Figure 15: Left: the email for the Python infostealer. Right: the email for Remcos.\"\/><\/figure>\n\n\n\n<p>Figure 15: Left: the email for the Python infostealer. Right: the email for Remcos.<\/p>\n\n\n\n<p>As the screenshot above shows, these attacks have the same content but use different methods to distribute malware. The attack flow for Remcos is much simpler. The attacker just sends phishing emails with a malicious attachment. The attachment is DBatLoader, which downloads and decrypts the data for the payload. 
The payload is Remcos protected by a packer.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2024\/09\/emansrepo-stealer-chuoi-tan-cong-da-vecto-16.png\" alt=\"Figure 16: Attack flow of the new Remcos campaign\"\/><\/figure>\n\n\n\n<p>Figure 16: Attack flow of the new Remcos campaign<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>Emansrepo has been active since at least last November, and its attack method is continuously evolving. Attack vectors and malware are always changing and spreading, so it is important for organizations to maintain cybersecurity awareness. FortiGuard will continue to monitor these attack campaigns and provide appropriate protections as needed.<\/p>\n\n\n\n<p><strong>Fortinet Protections<\/strong><\/p>\n\n\n\n<p>The malware described in this report is detected and blocked by FortiGuard Antivirus as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>W32\/Kryptik.EB!tr<br>JS\/Agent.FEI!tr<br>BAT\/Downloader.2C22!tr<\/li>\n<\/ul>\n\n\n\n<p>FortiGate, FortiMail, FortiClient, and FortiEDR support the FortiGuard AntiVirus service. The FortiGuard AntiVirus engine is part of each of these solutions. 
As a result, customers who have these products with up-to-date protections are protected.<\/p>\n\n\n\n<p>The FortiGuard CDR (content disarm and reconstruction) service can disarm the embedded link object inside the Excel document.<\/p>\n\n\n\n<p>To stay informed of new and emerging threats, you can&nbsp;&nbsp;<a href=\"https:\/\/www.fortinet.com\/fortiguard\/labs\">sign up<\/a>&nbsp;&nbsp;to receive future alerts.<\/p>\n\n\n\n<p>We also suggest that readers take the free&nbsp;&nbsp;<a href=\"https:\/\/training.fortinet.com\/local\/staticpage\/view.php?page=fcf_cybersecurity\">Fortinet Cybersecurity Fundamentals (FCF) training<\/a>, a module on Internet threats designed to help end users learn how to identify and protect themselves from phishing attacks.<\/p>\n\n\n\n<p>The FortiGuard IP Reputation and Anti-Botnet Security Service proactively blocks these attacks by aggregating malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources.<\/p>\n\n\n\n<p>If you believe this or any other cybersecurity threat has impacted your organization, please contact our&nbsp;&nbsp;<a href=\"https:\/\/www.fortinet.com\/corporate\/about-us\/contact-us\/experienced-a-breach\">Global FortiGuard Incident Response Team<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Affected platforms:&nbsp;Microsoft Windows Affected users:&nbsp;Microsoft Windows Impact:&nbsp;The stolen information can be used for future attacks Severity level:&nbsp;High In August 2024, FortiGuard Labs discovered a Python infostealer that we call 
[&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":20566,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu
_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[80,10],"tags":[341,496],"class_list":["post-20426","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","category-tin-tuc","tag-email-lua-dao","tag-microsoft-windows","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20426","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,
"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=20426"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20426\/revisions"}],"predecessor-version":[{"id":20580,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/20426\/revisions\/20580"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/20566"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=20426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=20426"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=20426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}