{"id":3147,"date":"2021-09-14T13:37:35","date_gmt":"2021-09-14T08:07:35","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3147"},"modified":"2021-09-14T13:37:37","modified_gmt":"2021-09-14T08:07:37","slug":"attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/","title":{"rendered":"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">An unauthorized Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been addressed by a security investigator while currently utilized in attacks targeting various companies across the world. Cobalt Strike is an appropriate penetration testing tool designed as an attack framework for red teams (Groups of various Security Professionals who behave like an attacker on their own org\u2019s framework to discover security gaps and vulnerabilities).<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Cobalt Strike is also utilized by threat actors generally dropped in ransomware attacks for post-exploitation tasks after deploying so-called beacons, which facilitate constant remote access to negotiated devices. Using beacons, threat actors can later access hijacked servers to harvest information or set up further malware payloads.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Over time, the damaged copies of Cobalt Strike have been generated and transmitted by threat attackers, becoming one of the most general tools utilized in Cyberattack leading to data hijack and ransomware. However, Cobalt Strike has always had a weakness \u2013 it only supports Windows devices and does not include Linux beacons.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">In advance news of Cobalt Strike, investigators explained how attackers have taken it upon themselves to create their Linux beacons consistent with Cobalt Strike. Utilizing these beacons, threat actors can achieve persistence and remote command execution on both Windows and Linux machines.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Undiscovered in VirusTotal<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Intezer investigators, who first addressed the beacon re-implementation in August and dubbed it Vermilion Strike, said that the Cobalt Strike ELF binary they discovered is actively fully unpatched by anti-malware solutions.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Vermilion Strike comes with a similar configuration format as the official Windows beacon and can speak with all the Cobalt Strike servers, but does not use any of the Cobalt Strike\u2019s code. This new Linux malware also features technical overlaps the similar functionality and command-and-control servers with Windows DLL files advising at the same developer.&nbsp;&nbsp;<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"416\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1-1024x416.png\" alt=\"Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1\" class=\"wp-image-3150\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1-1024x416.png 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1-300x122.png 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1-768x312.png 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1-1536x624.png 1536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-image1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cThe crafty sample utilizes Cobalt Strike\u2019s Command and Control (C2) protocol when transmitting to the C2 server and has Remote Access capabilities such as uploading files, executing shell command and writing to the files.\u201d The malware is completely undetected in VirusTotal at the time of this writing and was uploaded from Malaysia.\u201d<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Vermilion Strike can execute the following tasks once set up on a negotiated Linux system:<\/p><\/p>\n\n\n\n<ul><li>Change working directory<\/li><li>Get current working directory<\/li><li>Append\/write to file<\/li><li>Upload file to C2<\/li><li>Execute command through open<\/li><li>Get disk partitions<\/li><li>List files<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Expanding in Current Attacks since August<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Using telemetry data facilitated by McAfee Enterprise ATR, Intezer also discover multiple orgs targeted using Vermilion Strike since August 2021 from various industry sectors ranging from telecom companies and government agencies to IT companies, financial institutions, and advisory companies worldwide.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">It&#8217;s also worth considering that Vermilion Strike is not the primary or only port of Cobalt Strike&#8217;s Beacon to Linux, with geacon, an open-source Go-based implementation, publicly available for the last two years.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">However, as Intezer told our experts, &#8220;this is the first Linux implementation that has been used for real attacks.&#8221; Unluckily, there is no information on the first attack vector the attackers use to target Linux systems.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;The composure of this warning, its purpose to handle espionage, and the truth that the code hasn&#8217;t been seen before in other attacks, collectively with the fact that it targets specific entities in the wild, leads us to conclude that this threat was developed by a skilled threat actor,&#8221; Intezer concluded.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unauthorized Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been addressed by a security investigator while currently utilized in attacks targeting various companies across the world. Cobalt Strike is an appropriate penetration testing tool designed as an attack framework for red teams (Groups of various Security Professionals who behave [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3149,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"An unauthorized Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been addressed by a security investigator while currently utilized in attacks targeting various companies across the world. Cobalt Strike is an appropriate penetration testing tool designed as an attack framework for red teams (Groups of various Security Professionals who behave [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-14T08:07:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-14T08:07:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks\",\"datePublished\":\"2021-09-14T08:07:35+00:00\",\"dateModified\":\"2021-09-14T08:07:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\"},\"wordCount\":568,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\",\"url\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\",\"name\":\"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-09-14T08:07:35+00:00\",\"dateModified\":\"2021-09-14T08:07:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks - Xiarch Solutions Private Limited","og_description":"An unauthorized Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been addressed by a security investigator while currently utilized in attacks targeting various companies across the world. Cobalt Strike is an appropriate penetration testing tool designed as an attack framework for red teams (Groups of various Security Professionals who behave [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-09-14T08:07:35+00:00","article_modified_time":"2021-09-14T08:07:37+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/Attackers-Made-Linux-Cobalt-Strike-Beacon-Utilized-in-recent-Attacks-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks","datePublished":"2021-09-14T08:07:35+00:00","dateModified":"2021-09-14T08:07:37+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/"},"wordCount":568,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/","url":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/","name":"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-09-14T08:07:35+00:00","dateModified":"2021-09-14T08:07:37+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/attackers-made-linux-cobalt-strike-beacon-utilized-in-recent-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Attackers Made Linux Cobalt Strike Beacon Utilized in recent Attacks"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3147"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3147"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3147\/revisions"}],"predecessor-version":[{"id":3151,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3147\/revisions\/3151"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3149"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}